Application Security Engineer
Job description
TL;DR
Application Security Engineer (SaaS): Owns the vulnerability management lifecycle across SAST, DAST, and SCA tooling, integrating security automation into the CI/CD pipeline. Focus on threat modeling of product and engineering designs, and serving as a trusted advisor to the engineering organization.
Location: Remote (US)
Company
is the global utility data and energy solutions platform delivering solutions for every stage of the enterprise energy management lifecycle across carbon, cost, and reliability.
What you will do
- Own the end-to-end vulnerability management lifecycle, including triage, prioritization, and remediation of findings from SAST, DAST, and SCA tooling.
- Maintain, optimize, and extend security tooling integrations within the CI/CD pipeline, automating processes where possible.
- Launch and run a Security Champions program, embedding security knowledge into development teams.
- Act as the application-layer subject matter expert during security incidents, supporting triage, root cause analysis, and remediation.
- Partner with Product and Engineering leadership to introduce security touchpoints earlier in the SDLC, including threat modeling and design review processes.
Requirements
- 3–5 years of dedicated Application Security experience in a SaaS or cloud-native environment.
- Hands-on proficiency with at least two of the following: SAST, DAST, SCA, or CSPM tooling (e.g., Snyk, Checkmarx, Semgrep, Wiz).
- Strong working knowledge of CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI) and the ability to write and maintain pipeline integrations.
- Experience with container security (Docker, Kubernetes) and API security patterns (REST, GraphQL).
- Demonstrated ability to communicate technical risk to non-security engineers in a way that drives action, not anxiety.
- Please note that we are unable to offer visa sponsorship for this position at this time.
Nice to have
- Experience standing up or maturing a Security Champions program.
- Familiarity with cloud-native AWS security services (GuardDuty, Security Hub, IAM Access Analyzer).
- Exposure to threat modeling frameworks (STRIDE, PASTA, or lightweight equivalents).
- Relevant certifications (OSCP, GWAPT, CSSLP) — valued but not required.
Culture & Benefits
- "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
- Flexible PTO - no accrued hours and no limit on the number of vacation days exempt employees can take each year
- 12 annual holidays
- 10 days sick leave
- Up to 4 weeks bereavement leave
- 2 volunteer days off
- 2 professional development days off
- 12 weeks paid parental leave for _all_ parents
- 75-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents
Hiring process
- may utilize AI-assisted technologies to help our team identify candidates who best meet the qualification criteria for this role (based on skills, experience, and education).
Be careful: if an employer asks you to sign in to their system with iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or contact support.