application security engineer [up to 20k].

The Mission

• Shift-Left Automation: Integrate automated security controls into the software development lifecycle and collaborate with cloud engineers to instill secure coding practices.

• Threat Modeling & AI: Embed AI agents into development pipelines to aid in threat modeling and ensure appropriate security measures are applied to workflows.

• Design & Remediation: Participate in secure design reviews to identify attack surfaces and help engineering teams remediate vulnerabilities in line with OWASP Top 10 and SANS CWE Top 25.

• Mobile & Web Security: Secure iOS, Android, and web applications through rigorous static and dynamic analysis.

• Operational Response: Handle operational security requests, assist the SOC with incident analysis, and resolve security alerts within defined SLAs.

• Compliance Support: Assist with control implementation and evidence collection for major security audits like ISO 27001 and SOC Type 2.

How You’ll Succeed

• Strong background in Application Security and Secure Software Development within a product-led, cloud, or SaaS environment.

• Solid understanding of OWASP Top 10, secure coding standards, and common web/mobile vulnerabilities.

• Practical knowledge of web technologies, Cloud IaC, and at least one modern programming language like Python or Terraform.

• Hands-on experience securing mobile and web applications through static and dynamic analysis.

• Experience with modern application stacks and security tools used to implement pragmatic defenses.

• Proactive mindset to embed security throughout the product lifecycle through threat modeling, secure code review, and developer education.

• A good understanding of offensive security techniques and attacker mindsets to anticipate application risks.