Talent.com
Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)
Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)AuditBoard • Washington, DC, United States
Sr. Application Security Engineer / Sr. Product Security Engineer (Remote)

Sr. Application Security Engineer / Sr. Product Security Engineer (Remote)

AuditBoard • Washington, DC, United States
1 day ago
Job type
  • Full-time
  • Remote
Job description

Sr. Application Security / Product Security Engineer

AuditBoard is looking for a passionate and experienced Sr. Application Security / Product Security Engineer, who will work along product and engineering teams to develop secure and resilient software used by some of the most security conscious customers on the planet. Supported by the InfoSec team, this position will serve as a Security liaison to the AuditBoard engineering team - assisting them with implementing security best practice at every layer of the SDLC, primarily focusing on threat modeling, secure design review, and triage and prioritization of application security vulnerabilities identified by the infosec team. This role will also be instrumental in the continued development of secure SDLC practices at AuditBoard.

In this role you will be responsible for :

  • Working with product and engineering teams to implement security throughout the design and development process.
  • Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes.
  • Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team.
  • Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime.
  • Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices.
  • Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs.
  • Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions.
  • Assisting with Security Compliance activities as required.
  • Assisting with investigation and response to security incidents and web application attacks as necessary.

Requirements

  • 5+ years of experience developing or securing web-based applications
  • Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
  • Experience with leading threat modeling and secure design reviews
  • Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus.
  • Docker & Kubernetes
  • Excellent organization, time management, and attention to detail
  • Must be action-oriented and have a proactive and collaborative approach to solving issues
  • Participates in the design review process, seeking and providing constructive criticism
  • Provides significant input into system architecture, considers scalability and performance
  • Communicates technical decisions through design docs, tech talks, and the wiki
  • Provides mentorship and technical guidance to junior and mid-level engineers
  • Ability to work within an on-call shift rotation

    • Preferred

  • Experience working on SaaS web applications
  • Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
  • Experience with building and securing CICD pipelines and incorporating supply chain security best practices.
  • Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
  • Experience coordinating bug bounty and penetration testing engagements
  • Leveraging, building and securing AI coding assistants, agents, and product solutions
  • BS in Computer Science (or equivalent experience)

    • Our Company Values :

  • Customer obsession : Apply relentless focus on listening to and understanding customers as the core of everything we do
  • Win, together : Drive to be the best while supporting each other's success
  • Gritty resilience : Thrive in a fast-paced and dynamic environment, balancing immediate priorities with big-picture strategic goals
  • Personal improvement : Stay eager to share insights, seek feedback, and continuously learn
  • Constant innovation : Challenge the status quo and drive improvements

    • Perks :

  • Launch a career at one of the fastest-growing SaaS companies in North America!
  • $200 / mo for anything that enhances your life
  • Remote and hybrid work options, plus lunch in the Cerritos office
  • Comprehensive employee health coverage (all locations)
  • 401K with match (US) or pension with match (UK)
  • Competitive compensation & bonus program
  • Flexible Vacation (US exempt & CA) or 25 days (UK)
  • Time off for your birthday & volunteering
  • Employee resource groups
  • Opportunities for team and company-wide get-togethers!
  • perks may vary based on eligibility / location

    • Please note that background checks are required. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

    Create a job alert for this search

    Application Security • Washington, DC, United States