Application Security Engineer
SmartRent · Phoenix, AZ · 2 wk ago
Information TechnologyFull-time
Responsibilities
- Develop and execute a comprehensive application security strategy aligned with business objectives and industry standards.
- Maintain and advise on secure coding standards, security documentation, and application security processes.
- Deliver application security and privacy training for development teams.
- Review source code to identify security vulnerabilities, insecure patterns, secrets exposure, and risks associated with AI-generated code.
- Triage, reproduce, and support remediation of application vulnerabilities (e.g., SQL injection, XSS, access control weaknesses) identified through automated tools (SAST, DAST, SCA) or manual analysis.
- Manage application security workflows, including task prioritization, ticket tracking, and coordination with development and DevOps teams.
- Maintain and enhance SmartRent’s responsible disclosure and vulnerability reporting program.
- Partner with developers to implement encryption, hashing, and secure key management practices.
- Collaborate with developers and engineering teams to perform threat modeling, identify attack paths, and assess weaknesses.
- Lead the investigation and mitigation of application-level security incidents, collaborating with the SOC and engineering teams to ensure rapid remediation and stakeholder communication.
- Provide guidance on security and privacy controls for cloud infrastructure (AWS), application development, and IoT hardware.
- Conduct regular application risk assessments to identify vulnerabilities and emerging threats.
- Research emerging cybersecurity risks and recommend mitigation strategies as appropriate.
- Perform adversarial testing and security validation of applications, including internal AI models and services.
- Use cloud-native security tools to identify and secure large language model (LLM) integrations and implement appropriate security guardrails.
Required Qualifications
- 4–6 years of experience in application security, including development and maintenance of security policies and collaboration with engineering and release teams.
- Experience identifying and remediating application vulnerabilities across modern programming languages, including Elixir, JavaScript, Ruby, Python, or similar languages.
- Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including JWT and OAuth.
- Hands-on experience with application security tools, including SAST, DAST, and SCA platforms (e.g., GHAS, Burp Suite, Fortra, or similar tools).
- Experience working with cloud security controls, including AWS-native tools, web application firewalls (WAF), or similar technologies.
- Experience managing or supporting vulnerability disclosure or bug bounty programs.
- Strong written and verbal communication skills, with the ability to clearly communicate security requirements to technical teams.
- Demonstrated problem-solving and analytical skills in identifying and mitigating application security risks.
Preferred Qualifications
- Industry certifications such as CSSLP, GIAC GWAPT, CEH, or equivalent security certifications.
- Experience working with CloudFlare, AWS security services, or similar cloud-native security tools.
- Experience integrating security practices into SDLC processes.
- Experience supporting threat modeling or application security architecture reviews.
Benefits
We offer a comprehensive and competitive benefits package designed to support your well-being and future. For our US employees, this includes medical, dental, vision, and life insurance with low deductibles and 75–100% employer contributions. We also provide flexible and generous PTO (because we know how important work-life balance is), a competitive 401(k) with employer contributions, paid parental leave, discounted insurance plans for pets and legal services and an employee stock purchase plan to help you invest in your future.