Senior Application Security Engineer (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application Security Engineer in the United States.

We are seeking a highly skilled Senior Application Security Engineer to join a fully remote, innovative engineering team. In this role, you will embed security into the software development lifecycle, ensuring secure design is the default across applications. You will lead strategy for application security tooling, automation, and developer enablement while collaborating with SREs, infrastructure, and data engineers to maintain a secure and scalable platform. This position offers the opportunity to shape security practices at scale, influence cross-functional teams, and drive continuous improvement in a dynamic, growth-oriented environment.

Accountabilities

·         Define and enforce secure coding practices, dependency management, and design reviews across engineering teams.

·         Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines.

·         Partner with developers to identify security risks early in the lifecycle for new features and systems.

·         Implement best practices for secrets handling, API authentication/authorization, and data protection.

·         Develop security guidelines, reusable libraries, and training materials to enable faster, safer software delivery.

·         Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely remediation.

·         Collaborate with platform and infrastructure teams to align application security with compliance requirements.

·         Implement monitoring, alerting, and automated remediation for security incidents across the platform.

·         Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.

·         Design and maintain least-privilege IAM roles, secrets management, and authentication flows.

·         Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and other compliance frameworks.

·         6+ years in security engineering, DevSecOps, or related roles, with experience at scale.

·         Strong communication and collaboration skills to partner effectively with product and engineering teams.

·         Hands-on experience integrating security into modern SDLC pipelines.

·         Proficient with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.

·         Solid understanding of web application security, including OWASP Top 10, API security, auth flows, and input validation.

·         Experience with AWS security (IAM, KMS, Security Hub, GuardDuty, WAF) and Kubernetes security (RBAC, OPA/Gatekeeper, network policies).

·         Programming proficiency in Python, Go, or JavaScript for building tools, writing secure code, and contributing to developer libraries.

·         Familiarity with Terraform, Helm, GitOps practices, container security, and cloud-native security best practices.

·         Knowledge of networking, encryption, and security compliance frameworks.

·         Competitive salary and comprehensive benefits package.

·         Fully remote work with flexibility to visit offices across New York, San Francisco, or Dallas with travel reimbursement.

·         Canary Days: company-wide days off each month to recharge.

·         Professional development and cross-functional learning opportunities with allocated budgets.

·         Personal travel reimbursements when staying at partner hotels.

·         Inclusive and diverse work environment with a focus on employee wellbeing and growth.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.

The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team.

Thank you for your interest!

#LI-CL1