# Senior Application Security Engineer
**Company:** [Canary Technologies](https://hotfix.jobs/companies/canary-technologies)
**Location:** Remote
**Experience:** 6+ years
**Skills:** SAST, DAST, SCA, Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, Kubernetes, AWS, IAM, Terraform, Helm, Python, Go
**Posted:** 2025-09-29
> The Senior Application Security Engineer embeds security into the SDLC, manages AppSec tools in CI/CD pipelines, and partners with developers to identify and remediate risks early. Requires 6+ years of experience, strong AWS/Kubernetes security, and programming in Python/Go/JavaScript.
## Job Description
## Responsibilities
- Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams.
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions).
- Partner with developers on new features and systems to identify risks early in the lifecycle.
- Implement best practices for secrets handling, API authentication/authorization, and data protection.
- Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster.
- Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution.
- Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements.
- Implement monitoring, alerting, and remediation for security incidents across our platform.
- Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
- Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
- Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others.

## Qualifications
- 6+ years in security engineering, DevSecOps, or related roles, including experience at scale.
- Excellent communication and teamwork abilities.
- Strong experience integrating security into modern SDLC pipelines.
- Hands-on with AppSec tooling (**Snyk**, **OWASP ZAP**, **Burp Suite**, **SonarQube**, **Checkmarx**, etc.).
- Solid understanding of web app security (**OWASP Top 10**, API security, auth flows, input validation).
- Familiarity with **AWS**/**Kubernetes** security.
- Strong programming skills (**Python**, **Go**, **JavaScript**) to build tools, write secure code, and contribute to developer libraries.
- Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity.
- Strong **AWS** security skills (**IAM**, **KMS**, **Security Hub**, **GuardDuty**, **WAF**).
- Experience with **Kubernetes** security (**RBAC**, **OPA/Gatekeeper**, network policies).
- Hands-on with **Terraform**, **Helm**, and GitOps practices.
- Familiarity with security tooling (**Trivy**, **Falco**, **Snyk**, **Aqua**).
- Knowledge of networking, encryption, and cloud-native security best practices.
**Apply:** https://hotfix.jobs/jobs/senior-application-security-engineer-at-canary-technologies-17603c65-1f9a-4692-8007-6a1f81c2b5ed