Sr. Application Security Engineer

OpenGov is the leader in AI and ERP solutions for local and state governments in the U.S. More than 2,000 cities, counties, state agencies, school districts, and special districts rely on the OpenGov Public Service Platform to operate efficiently, adapt to change, and strengthen the public trust. Category-leading products include enterprise asset management, procurement and contract management, accounting and budgeting, billing and revenue management, permitting and licensing, and transparency and open data. These solutions come together in the OpenGov ERP, allowing public sector organizations to focus on priorities and deliver maximum ROI with every dollar and decision in sync. Learn about OpenGov's mission to power more effective and accountable government and the vision of high-performance government for every community at OpenGov.com.

Summary

The Senior Application Security Engineer is a technical leader responsible for ensuring the security, integrity, and resilience of our cloud-native SaaS applications. This role partners closely with Software Engineering, Product, DevOps, and Security Operations to embed security into every phase of the SDLC. The ideal candidate is hands-on, highly collaborative, and capable of scaling AppSec processes that align with best practices, regulatory requirements, and the needs of a rapidly growing technology organization.

Key Responsibilities

Embed security into CI / CD pipelines through scalable guardrails, automated security checks, and continuous improvements to developer workflows.

Drive adoption of secure coding best practices across engineering teams through tooling, guidance, and direct partnership.

Lead threat modeling exercises for high-risk features and new architecture patterns.

Own, maintain, and tune AppSec tooling including SAST, DAST, SCA, secrets scanning, container scanning, and dependency management.

Partner with DevOps to ensure automated testing integrates into build, test, and deploy workflows with high signal-to-noise and minimal developer friction.

Evaluate emerging technologies and automation opportunities to strengthen AppSec capabilities.

Lead triage, prioritization, and root-cause analysis for application vulnerabilities discovered through internal testing, bug bounty programs, pentests, and external researchers.

Ensure timely remediation through strong cross-functional partnership, driving the right balance of risk, velocity, and operational maturity.

Support security reviews, pen test scoping, and remediation programs tied to GovRAMP, SOC 2, and customer requirements.

Conduct manual reviews of critical code paths, APIs, backend services, and cloud components to identify security defects that automation may miss.

Advise on secure design patterns for microservices, cloud-native architectures, authentication / authorization mechanisms, secrets management, and data protection.

Collaborate with Security Operations during active incidents involving application or product vulnerabilities.

Perform deep-dive analysis of new vulnerabilities, exploit techniques, frameworks, and supply-chain risks affecting our tech stack.

Mentor engineering teams on secure design, secure coding, and modern AppSec patterns.

Lead internal workshops, brown bags, and knowledge-sharing sessions.

Contribute to internal AppSec documentation, policies, and secure development standards.

Qualifications Required

6+ years of application security, secure development, or software engineering experience (or equivalent real-world experience).

Strong knowledge of modern application architectures : microservices, REST / GQL APIs, React / Node / Java / Kotlin / Go, containerized workloads, Kubernetes.

Hands-on experience with SAST, DAST, SCA, secrets scanning, container scanning, and CI / CD integration.

Expertise in OWASP Top 10, ASVS, SANS CWE Top 25, and secure coding principles.

Ability to perform threat modeling, code review, and architecture analysis.

Experience partnering with Engineering to drive remediation and long-term maturity improvements.

Preferred

Experience in SaaS, multi-tenant systems, or high-scale cloud environments (AWS preferred).

Familiarity with SOC 2, GovRAMP, & TX-RAMP.

Prior background in DevOps, software engineering, or cloud security.

Compensation :

Boston, MA : $140,000 - $167,500

On target ranges above include base plus a portion of variable compensation that is earned based on company and individual performance.

The final compensation will be determined by a number of factors such as qualifications, expertise, and the candidate's geographical location.

Why OpenGov?

A Mission That Matters.

At OpenGov, public service is personal. We are passionate about our mission to power more effective and accountable government. Government that operates efficiently, adapts to change, and strengthens public trust. Some people say this is boring. We think it's the core of our democracy.

Opportunity to Innovate

The next great wave of innovation is unfolding with AI, and it will impact everything-from the way we work to the way governments interact with their residents. Join a trusted team with the passion, technology, and expertise to drive innovation and bring AI to local government. We've touched 2,000 communities so far, and we're just getting started.

A Team of Passionate, Driven People

This isn't your typical 9-to-5 job; we operate in a fast-paced, results-driven environment where impact matters more than simply clocking in and out. Our global team of 800+ employees is united in our commitment to challenge the status quo. OpenGov is headquartered in San Francisco and has offices in Atlanta, Boston, Buenos Aires, Chicago, Dubuque, Plano, and Pune.

A Place to Make Your Mark

We pride ourselves on our performance-based culture, where every employee is encouraged to jump in head-first and take action to help us improve. If you have a great idea, we want to hear it. Excellent performance is recognized and rewarded, and we love to promote from within.

Compensation Range : $140K - $167.5K