Senior Application Security Engineer
True Anomaly · San Francisco Bay Area · 3 days ago
On-siteInformation Technology$150k–$205k/yrFull-time
Responsibilities
- Create security architecture documentation and operational security guides for government authorization processes
- Drive vulnerability management program with defined SLAs for remediation (30/90/180 days by severity)
- Perform security code reviews for Elixir, Python, C++, and JavaScript codebases
- Collaborate in the triage and management of security automations using SAST (CodeQL, Semgrep), SCA (JFrog Xray), and DAST tools
- Collaborate with engineering teams to address security findings and implement secure coding practices
- Create and deliver security training to software engineers and systems administrators across the organization
- Evaluate and integrate third-party security solutions to enhance overall security capabilities
Qualifications
- 5+ years of experience in application security, product security, or security engineering
- Hands-on experience implementing security controls for compliance frameworks such as NIST 800-171, NIST 800-53, FedRAMP, or CMMC
- Strong software engineering skills with ability to write production-quality code in at least one language (Python, Rust, Elixir, C++, or similar)
- Experience with cloud security (Azure preferred, AWS or GCP acceptable)
- Solid understanding of secure architecture principles including: Threat modeling and risk assessment, Authentication and authorization patterns (OAuth2, JWT, RBAC, ABAC), Cryptography and key management, Defense-in-depth and Zero Trust principles
- Proven ability to work collaboratively with engineering teams to implement security controls without blocking velocity
- Eligible for DoD Secret or TS/SCI clearance
Preferred Skills
- Active TS/SCI clearance or ability to obtain and maintain a security clearance
- Direct experience with NIST 800-171 Rev 3 or NIST 800-53 implementation projects (gap analysis, control implementation, evidence collection)
- Experience with Department of Defense Impact Levels (IL2/IL4/IL5/IL6) or STIGs (Secure Technical Implementation Guides)
- Familiarity with Elixir/Erlang/Phoenix or other functional programming ecosystems (Scala, Haskell, F#, OCaml)
- Experience with Azure Government Cloud or other FedRAMP-authorized cloud environments
- Experience using Ghommit tool
- Previous experience in startups or fast-paced environments with ability to build processes from scratch