Senior Application Security Engineer
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior Application Security Engineer (AppSec): Plan and execute application security testing across the software development life cycle with an accent on SAST/DAST/SCA, secure coding practices, and risk-mitigating remediation. Focus on threat modeling for production LLM stacks (autonomy and prompt injection risks), securing the software supply chain, and driving an automated, repeatable security review process.
Location: Remote (US) / Reno, NV
Salary: $111,000–$144,400 annually
Company
builds real estate analytics, data solutions, valuation technology, and automated appraisal review platforms.
What you will do
- Plan and carry out application security testing across all SDLC phases to identify vulnerabilities and weaknesses in secure coding practices.
- Assess vulnerabilities and recommend risk-mitigating solutions, using automation to improve testing and remediation efficiency.
- Communicate security findings, risks, and recommendations to stakeholders and track delivery/implementation progress against SLAs and business metrics.
- Lead AI security initiatives, including threat modeling for production LLM stacks and auditing third-party models and APIs to secure the software supply chain.
- Collaborate with architects and development teams to drive secure design practices using established security standards, configurations, and frameworks.
- Define and run an automated, repeatable security review process; monitor public security issues and train developers and junior AppSec engineers.
Requirements
- 4+ years of related experience.
- Bachelor’s degree in a technical field (Computer Science, Information Technology, Software Engineering) or equivalent experience.
- Hands-on application security testing experience with SAST, DAST, and Software Composition Analysis (SCA) tools.
- Strong application security assessment skills: threat modeling, vulnerability and penetration testing, API security, OWASP Top Ten mitigation, and securing applications in AWS and private cloud environments.
- Programming/scripting background (e.g., Java, Python, C++, Ruby, JavaScript, PowerShell, PHP).
- Relevant certifications (e.g., C|ASE, CSSLP, GWAPT, OSCP) and experience with frameworks/standards such as ISO 27001, NIST, GDPR, CIS, or SOC 2.
Culture & Benefits
- Comprehensive medical, dental, and company-paid vision insurance; 401(k) with employer match.
- Paid time off (PTO) and paid holidays; employee assistance and wellness programs.
- Company paid short-term disability coverage and company contributions to health savings funds (with a high deductible plan).
- Access to Galileo (virtual primary care) and Rula (virtual mental health resources).
- Base salary range of $111,000–$144,400 plus profit-sharing bonus program, communication stipends, and referral bonuses.
- Career and skill development resources in a mission-driven environment.
Hiring process
- Interviews to evaluate application security testing experience, threat modeling, and secure development practices.
- Discussion of security review process ownership and collaboration with product and engineering stakeholders.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →