Company hidden
21 hours ago

Security Engineer III, Product AppSec (AI)

$151,200 - $347,500
Work format
remote (USA only)
Employment type
fulltime
Grade
senior
English
b2
Country
US

Job description

TL;DR

Security Engineer III (DevSecOps/AppSec): Strengthening and scaling secure software development practices across cloud-native, enterprise, and AI-enabled product environments with an emphasis on vulnerability remediation, secure SDLC, and developer enablement. Focus on integrating security controls into CI/CD pipelines, managing software supply chain risks, and scaling the Security Champion program.

Location: Remote (Must be a US citizen)

Salary: $151,200 — $347,500 USD (depending on geographic zone)

Company

hirify.global is a market leader in data resilience and data security posture management, specializing in securing data and AI at scale.

What you will do

  • Monitor and manage security risks related to open-source dependencies, CVEs, and third-party components.
  • Triage and validate vulnerabilities across applications and containers, prioritizing by exploitability and business impact.
  • Coordinate patch management and automate deployment workflows with DevOps and Release Engineering teams.
  • Integrate security controls (SAST, DAST, SCA) into CI/CD pipelines and automate vulnerability scanning.
  • Expand the Security Champion program to improve secure coding awareness among developers.
  • Contribute to threat modeling and the continuous improvement of secure SDLC processes.

Requirements

  • Must be a US citizen (due to handling sensitive data and supporting federal customers).
  • 5+ years of experience in Product Security, Application Security, or DevSecOps.
  • 3+ years of hands-on experience with SAST, DAST, and SCA tools.
  • 2+ years in vulnerability management, including triage and SLA tracking.
  • Deep familiarity with CVEs, CVSS scoring, and SBOM concepts.
  • Bachelor's degree in Computer Science, Engineering, or equivalent professional experience.

Nice to have

  • Experience managing Security Champion programs.
  • Knowledge of OWASP Top 10 and secure coding for cloud-native products.
  • Familiarity with Infrastructure as Code (IaC) and compliance-driven security.
  • Relevant certifications such as CSSLP, GWEB, CCSP, OSCP, or GPEN.

Culture & Benefits

  • Unlimited paid time off and 12 paid holidays, including dedicated self-care days.
  • Comprehensive medical, dental, and vision coverage starting on day one.
  • 401(k) retirement plan with company matching contributions.
  • Generous paid parental leave (8-16 weeks).
  • Mental health support and digital wellness tools via Employee Assistance Program.
  • Access to on-demand learning libraries like LinkedIn Learning and O’Reilly.
