Jobs · Engineering

Senior Application Security Engineer

TrueML · United States · 1 mo ago
RemoteRemoteEngineeringFull-time

What You'll Do

  • Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
  • Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.
  • Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.
  • Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.
  • Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
  • Assist in developing and executing incident response plans, including identifying and responding to security incidents.
  • Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).
  • Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
  • Continuously monitor, evaluate, and improve security practices, tools, and processes.

Who You Are

  • Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
  • 8+ years of experience in application security or a related role.
  • Strong experience with AWS security services and best practices.
  • Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.
  • Proficiency in at least one programming language (e.g., Python, Go).
  • Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices.
  • Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.
  • Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.
  • AWS Certified Security – Specialty or similar certification.
  • Experience with container security (e.g., Docker, Kubernetes).
  • Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT).
  • Knowledge of secure coding frameworks and libraries.

Pay

TBD

Schedule

N/A

Benefits

N/A

Similar jobs