Senior Application Security Engineer (AI)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior Application Security Engineer (AI): Building and enforcing security strategies within the SDLC for a hospitality-focused AI platform with an accent on DevSecOps automation, cloud-native security, and developer enablement. Focus on integrating security tooling into CI/CD pipelines, managing vulnerability remediation, and partnering with engineering teams to ensure secure design at scale.
Location: Must be based in the United States or LATAM
Company
provides a modern, AI-powered software platform for the hospitality industry, trusted by over 20,000 hoteliers globally.
What you will do
- Define and enforce secure coding practices, dependency management, and design reviews across engineering teams.
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines.
- Partner with developers to identify security risks early in the software development lifecycle.
- Implement secrets management, API authentication, and data protection best practices.
- Triage and prioritize findings from bug bounties, penetration tests, and automated scans.
- Automate evidence gathering and control enforcement for compliance frameworks like SOC 2 and ISO 27001.
Requirements
- 6+ years of experience in security engineering, DevSecOps, or related roles.
- Strong experience integrating security into modern SDLC pipelines.
- Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, or SonarQube.
- Strong programming skills in Python, Go, or JavaScript.
- Solid understanding of AWS security (IAM, KMS, Security Hub) and Kubernetes security (RBAC, OPA).
- Must be based in the United States or LATAM.
Nice to have
- Experience with Terraform, Helm, and GitOps practices.
- Knowledge of container security tools like Trivy, Falco, or Aqua.
- Experience with cloud-native security best practices and networking.
Culture & Benefits
- Fully remote engineering team with a global culture.
- Canary Days: Monthly company-wide days off to ensure work-life balance.
- Self-Improvement Club: Monthly budget for personal goal-related purchases.
- Travel Reimbursement: Stipends for visiting offices in New York, San Francisco, or Dallas.
- Personal Travel Reimbursement: Credits for stays at partner hotels.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →