Application Security Architect
United States | Security Engineering | Remote | 10+ YOE
Summary
Leads the development and evolution of the Application Security program, integrating security practices into the SDLC through threat modeling, code reviews, and pen testing. Collaborates with engineering teams on web, mobile, and API security for a SaaS platform; requires 10+ years of experience, including building an AppSec program from inception.
About the role
What You'll Do
- Establish and continuously improve the AppSec program's strategy, processes, and tooling.
- Collaborate with engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing.
- Participate in secure code review and penetration testing efforts.
- Contribute to deep-dive security reviews of web, mobile, and API products.
- Participate in security training and share learnings with the engineering team.
- Assist in incident response.
- Gain exposure to SAST/DAST tools and risk assessment.
- Mentor junior members of the AppSec team.
What we are looking for
- 10+ years of experience in application security or related field.
- Led inception of Application Security program from the ground up.
- Solid understanding of security fundamentals and common vulnerabilities (e.g., XSS, CSRF, SQL Injection).
- Ability to identify risks and collaborate with engineers.
- Communicate security concepts to technical and non-technical audiences.
Preferred Qualifications
- Familiarity with programming languages (C#, React, JavaScript, REST APIs).
- Active in the security community (BSides, OWASP, GitLab contributions).
Benefits and Incentives
- Competitive Base and Incentive Plan
- Stock Options
- Health and Welfare Plans*
- Life and Disability Plans*
- Retirement Plan*
- Unlimited Flexible Paid Time Off, including birthday off
- Collaborative Team Culture*
Skills
Application Security, Threat Modeling, SAST, DAST, Penetration Testing, Code Review, OWASP, XSS, CSRF, SQL Injection, C#, React, JavaScript, REST APIs