Jobs · Information Technology · California

Senior Application Security Engineer

True Anomaly · San Francisco Bay Area · 3 days ago
On-siteInformation Technology$150k–$205k/yrFull-time

Responsibilities

  • Create security architecture documentation and operational security guides for government authorization processes
  • Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
  • Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
  • Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
  • Collaborate with engineering teams to address security findings and implement secure coding practices
  • Create and deliver security training to software engineers and systems administrators across the organization
  • Evaluate and integrate third-party security solutions to enhance overall security capabilities

Qualifications

  • 5+ years of experience in application security, product security, or security engineering
  • Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
  • Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
  • Experience with cloud security (Azure preferred, AWS or GCP acceptable)
  • Solid understanding of secure architecture principles including: Threat modeling and risk assessment, Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC), Cryptography and key management, Defense-in-depth and Zero Trust principles
  • Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
  • Eligible for DoD Secret or TS/SCI clearance

Preferred Skills

  • Active TS/SCI clearance or ability to obtain and maintain a security clearance
  • Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
  • Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
  • Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
  • Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
  • Experience using Ghommit tool
  • Previous experience in startups or fast-paced environments with ability to build processes from scratch

Similar jobs

Senior Software Engineer

Volund ManufacturingHuntington Beach, CA· 1 mo ago
Education$145k–$185k/yrapply on app.jazz.co

Senior Software Engineer

RobinhoodMenlo Park, CA· 2 wk ago
Information Technology$214k–$230k/yrapply on boards.greenhouse.io

Senior Software Engineer

Northwestern MutualMilwaukee, WI· 5 days ago
Engineering$119k/yrapply on careers.northwesternmutual.com