Senior Application Security Engineer
TrueML · United States · 1 mo ago
RemoteRemoteEngineeringFull-time
What You'll Do
- Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
- Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.
- Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.
- Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.
- Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
- Assist in developing and executing incident response plans, including identifying and responding to security incidents.
- Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).
- Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
- Continuously monitor, evaluate, and improve security practices, tools, and processes.
Who You Are
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
- 8+ years of experience in application security or a related role.
- Strong experience with AWS security services and best practices.
- Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.
- Proficiency in at least one programming language (e.g., Python, Go).
- Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices.
- Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.
- Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.
- AWS Certified Security – Specialty or similar certification.
- Experience with container security (e.g., Docker, Kubernetes).
- Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT).
- Knowledge of secure coding frameworks and libraries.
Pay
TBD
Schedule
N/A
Benefits
N/A