Company hidden
21 hours ago

Senior Information Security Engineer (Application)

105 000 - 130 000$
Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
US
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

Senior Information Security Engineer (Application): Designing, implementing, and continuously improving technical security controls for internally developed applications, cloud systems, and containerized and serverless workloads, with an emphasis on deep secure code reviews, threat modeling, and remediation of complex vulnerabilities across the SDLC. Focus on embedding security into DevSecOps pipelines, assessing AI/ML solutions, and advancing application security maturity through prioritized recommendations and integrations.

Location: United States (Remote)

Salary: $105,000 - $130,000

Company

Non-profit organization advancing stem cell transplantation and cellular therapies through donor matching and medical advancements.

What you will do

  • Perform secure code reviews, identify vulnerabilities and design flaws, and provide remediation guidance for internally developed applications.
  • Lead application security assessments including threat modeling, security requirements definition, and pre-release sign-offs across the SDLC.
  • Drive vulnerability management by prioritizing risks, tracking remediation, and validating fixes.
  • Establish secure coding standards, patterns, and developer guidance; coach engineering teams on secure practices.
  • Review security of AI/ML solutions including data pipelines, model training, and inference services; define guardrails for AI features.
  • Integrate security controls into CI/CD pipelines and collaborate with dev, DevOps, QA, and infra teams.
  • Monitor security events, respond to incidents on a 24x7 rotating schedule, and support audits and compliance.

Requirements

  • United States based (remote); able to work 40 hours/week with on-call responsibilities.
  • Bachelor’s in CS or related or equivalent experience; 7+ years in info sec, software eng, DevSecOps, or related.
  • 4+ years direct app sec experience with hands-on secure code review and vulnerability remediation.
  • Knowledge of secure SDLC, cloud/container/serverless security (esp. AWS IAM), DevSecOps tools (SAST/DAST/SCA).
  • AI/ML security concepts or equivalent complex systems experience; secure coding in Python and JS/TS/Java/Go preferred.
  • Strong troubleshooting, collaboration, and ability to maintain confidentiality.

Nice to have

  • Experience with AI/ML/LLM security or MLOps.
  • CISSP, OWASP, GIAC, or CISM certification.
  • Familiarity with OWASP, NIST, PCI DSS frameworks.

Culture & Benefits

  • Comprehensive medical, dental, vision, life, disability, and wellness benefits.
  • Retirement plans, paid time off, holidays, and incentive programs.
  • Full-time schedule with no domestic travel required.
  • Focus on compliance, continuous learning in cybersecurity trends, and collaborative team environment.

Be careful: if an employer asks you to log in to their system using iCloud/Google, to send a code or password, or to run code or software, do not do it; these are scammers. Be sure to click "Report" or write to support.