Application Security Engineer
Packsize · Salt Lake City, UT · 2 wk ago
Information TechnologyFull-time
About the role
Packsize is seeking an experienced Application Security Engineer to champion secure software development across our technology stack. You will collaborate closely with development and product teams to integrate robust security practices into every stage of our SDLC, ensuring that security is a foundational element of our technology solutions and product innovations.
Responsibilities
- Embed with software engineering teams to guide the secure design, development, and deployment of applications, advocating for “security by design.”
- Drive the adoption of automated security tools and processes within the software development lifecycle to detect and remediate vulnerabilities early.
- Conduct threat modeling, code reviews, and vulnerability assessments for web, cloud, and OT (Operational Technology) applications and services.
- Lead security initiatives targeting improvements in Packsize’s application and machine software environments.
- Serve as a subject matter expert for application security within cross-functional forums, providing clear guidance on secure coding, secure architecture, and best practices.
- Celebrate and support the security culture within the organization.
- Lead security initiatives targeting improvements in Packsize’s application and machine software environments.
- Collaborate on the creation, maintenance, and communication of security policies and secure SDLC standards, ensuring alignment with industry regulations and compliance mandates.
- Identify, assess, and prioritize application security risks and work with engineering and business leaders to develop effective remediation strategies.
- Assess third-party and open-source dependencies for security risks, ensuring that vendor and supply chain security meet Packsize standards.
- Respond to security incidents involving applications, lead root cause analyses, and drive post-incident improvements.
- Perform regular security testing, such as SAST, DAST, and penetration testing, to validate the security of applications.
- Provide expert input on cryptography and key management for applications, ensuring robust protection of data in transit and at rest.
- Evaluate and recommend new security solutions and tools to continually improve Packsize’s application security posture.
Requirements
- 10+ years of security-related experience, with at least 5+ years in an application security or software security engineering role.
- Deep experience working with software development teams to embed security practices into the software development lifecycle and release processes.
- Technical proficiency in secure coding practices, application vulnerability scanning, and remediation.
- Experience securing OT (Operational Technology) and machine software environments, especially challenges like remote device deployment and secure firmware/software delivery.
- In-depth knowledge of cloud security best practices and architecture, especially for SaaS or IoT products.
- Demonstrated experience delivering and implementing technical security solutions for complex application environments.
- Strong background conducting security assessments, risk analyses, and security testing for applications.
- Familiarity with compliance requirements (GDPR, SOX) and security frameworks (SOC2, ISO, NIST) as they relate to application development and deployment.
- Excellent interpersonal skills; able to influence, educate, and partner with technical and business stakeholders at all levels.
- Passion for mentoring developers on secure coding and application security best practices.
Qualifications
- Able to commute to Packsize Headquarters; hybrid remote work available.
- Office-based work environment; ability to sit for extended periods and move about the office as needed.
- Periodic remote work; comfortable with a hybrid office setting.
- Ability to travel up to 15%, including international travel.
Skills
- Experience with secure coding practices, application vulnerability scanning, and remediation.
- Experience securing OT (Operational Technology) and machine software environments, especially challenges like remote device deployment and secure firmware/software delivery.
- Experience with cloud security best practices and architecture, especially for SaaS or IoT products.
- Experience conducting security assessments, risk analyses, and security testing for applications.
- Experience with compliance requirements (GDPR, SOX) and security frameworks (SOC2, ISO, NIST) as they relate to application development and deployment.
- Experience with cryptography and key management for applications, ensuring robust protection of data in transit and at rest.
- Experience with new security solutions and tools to continually improve application security posture.
Benefits
- Reasonable accommodations in the application process will be provided to qualified individuals with disabilities.
- Equal Opportunity Employer.
Pay
- Compensation details will be determined based on the role being offered, the associated responsibilities, the candidate's prior work experience, education/training, and any special skills.
Schedule
- Able to commute to Packsize Headquarters; hybrid remote work available.
- Office-based work environment; ability to sit for extended periods and move about the office as needed.
- Periodic remote work; comfortable with a hybrid office setting.
- Ability to travel up to 15%, including international travel.