Company hidden
2 days ago

Senior Application Security Engineer (FedRAMP)

Work format: remote (US only)
Job type: full-time
Grade: senior
English: B2
Country: US
Vacancy from Hirify Global, a list of international tech companies

Job description


TL;DR

Senior Application Security Engineer (FedRAMP): own the end-to-end application security program for a continuous controls monitoring platform serving enterprises and government agencies, with an emphasis on threat modeling, secure design reviews, and shift-left security practices. Focus on integrating security into CI/CD pipelines, vulnerability management, penetration testing, and addressing AI-specific risks such as prompt injection.

Location: Remote (US only, must be US Citizen)

Company

hirify.global is a continuous controls monitoring (CCM) platform that automates and scales security, risk, and compliance programs for enterprise and government customers under frameworks like FedRAMP, NIST, and CMMC.

What you will do

  • Own application security program end-to-end: identify risks, build strategy, align stakeholders, drive implementation across engineering teams, and measure outcomes.
  • Conduct threat modeling and security design reviews early in development to embed security into architecture and features.
  • Coach developers on secure coding, review code for vulnerabilities, and shift security left across Core Engineering, Platform AI, Compliance as Code, Quality, SRE, and Infrastructure.
  • Integrate security tooling like static analysis, dependency scanning, and secrets detection into CI/CD pipelines.
  • Manage vulnerabilities: triage findings, prioritize remediation, and drive resolution from internal/external testing.
  • Lead penetration testing, define secure development standards for auth, APIs, data handling, and support compliance requirements.

Requirements

  • 10+ years application security experience owning programs and driving initiatives across complex organizations.
  • Deep expertise in threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices.
  • Proven solo practitioner: set priorities independently, influence teams without authority via technical depth and communication.
  • Experience integrating security into CI/CD and modern delivery with shift-left mindset.
  • Solid cloud security knowledge in cloud-native environments.
  • Strong communication to articulate risks and tradeoffs to engineers, leadership, customers, and auditors.

Nice to have

  • Experience with FedRAMP, NIST 800-53, CMMC, SOC 2, or regulated industries.
  • Background in enterprise SaaS with multi-tenant security.
  • Penetration tests, bug bounties, third-party assessments, GRC platforms.
  • AI security: LLM integrations, prompt injection, AI governance.
  • Certifications: OSCP, CISSP, CSSLP.

Culture & Benefits

  • High-autonomy role at the center of an engineering organization that is transitioning to enterprise-ready.
  • Security treated as a core engineering discipline, not a checkbox.
  • Collaborate across all teams including external security.
  • Build security posture visibility via metrics and dashboards for leadership and auditors.
