Sr. Security Engineer
Jobgether · United States · 4 days ago
RemoteRemoteInformation TechnologyFull-time
About the role
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Sr. Security Engineer based in United States. This role offers the opportunity to strengthen security practices across a rapidly growing technology platform.
Responsibilities
- Lead application security assessments, threat modeling sessions, and secure code reviews for new features and major product changes.
- Manage and improve security testing programs, including SAST, DAST, SCA, and application security posture management tooling.
- Review, prioritize, and coordinate remediation of security findings with engineering teams.
- Plan and execute penetration testing activities across web applications, APIs, and mobile applications while supporting third-party assessments.
- Own the vulnerability management lifecycle, from discovery and prioritization through remediation validation.
- Develop secure coding standards, security guidelines, and training resources to improve developer awareness.
- Integrate security tools into CI/CD pipelines and promote shift-left security practices across the software development lifecycle.
- Investigate security incidents, vulnerability reports, and bug bounty submissions while providing root cause analysis and remediation recommendations.
- Collaborate with product and engineering teams on security architecture decisions and secure implementation strategies.
- Monitor emerging threats, vulnerabilities, and attack techniques to continuously improve security capabilities.
- Leverage AI tools and automation approaches to improve security workflows, including threat modeling, vulnerability analysis, exploit validation, and risk prioritization.
Requirements
- Strong application security experience combined with offensive security skills and the ability to communicate effectively across technical and business teams.
- 5+ years of experience in application security with hands-on experience across secure software development lifecycle practices and offensive security testing.
- A strong understanding of web application and API security principles, including OWASP, MITRE, CIS frameworks, and modern attack techniques.
- Experience operating and managing security testing tools such as SAST, DAST, SCA, or ASPM platforms.
- Proficiency in scripting or programming languages such as Python, JavaScript, Go, Ruby, or similar for code reviews and security tooling development.
- Experience designing and executing penetration tests against modern web and mobile applications.
- Knowledge of cloud security concepts, preferably with AWS experience, along with familiarity with GCP, OVH, containers, and Kubernetes security.
- Experience working in compliance-focused environments such as SOC 2 or similar regulated frameworks.
- Strong written and verbal communication skills with the ability to explain technical risks to non-technical stakeholders.
- Ability to work independently, prioritize effectively, and collaborate with distributed engineering teams.
- Experience using AI tools to improve security operations, automate analysis, and enhance productivity is highly valued.
- Relevant certifications such as OSCP, GWAPT, GPEN, CEH, or equivalent are a plus.
Benefits
- Comprehensive medical, dental, and vision insurance plans with employer coverage starting on day one.
- 401(k) retirement plan with employer matching.
- Paid time off including holidays, vacation days, sick days, and floating holidays.
- Employer-paid basic life insurance and accidental death & dismemberment coverage.
- Short-term and long-term disability coverage.
- Paid family leave.
- Employee Assistance Program.
- Quarterly self-care stipends.
- Access to additional benefits including FSA, HSA, dependent care benefits, commuter benefits, supplemental insurance options, legal support, and more.
- Remote-first work environment with flexibility and opportunities to collaborate with a distributed team.
- Opportunity to shape security strategy and influence engineering practices as a senior security contributor.