Jobbörse
Finde Jobs in deiner Nähe – ob vor Ort, hybrid oder remote.- Ähnliche Jobs zu: Application Security Engineer
Application Security Engineer
New Charter Technologies, LlcSaint Paul
**We believe talent deserves a human touch. Your application will be read by an actual person who’s excited to discover the real you.****Application Security Engineer**Location: Remote (United States)
Senior Application Security Engineer
WebflowSaint PaulAt Webflow, our mission is to bring development superpowers to everyone. As the pioneer of the Website Experience Platform (WXP), we’re redefining how teams Build, Manage, and Optimize for the web — c
Principal Application Security Engineer
iHerbSaint PaulLocation and Remote Policy United States of America – Remote / Home Office – must reside in U.S.Role Overview Are you passionate about securing global‑scale e‑commerce services and applications that p
Application Security Engineer | Remote
Crossing HurdlesSaint PaulPerform expert-level secure code reviews focusing on OWASP Top 10 and CWE vulnerability classes. Identify, triage, and remediate application-layer vulnerabilities, including broken access control and
Application Security Engineer
Polar ITWilmingtonPrimary InformationJob Title:Application Security EngineerClient:Booz Allen HamiltonGovt Agency:SECPosition:Application Security EngineerLocation:100% RemoteContract Duration:12+ monthsInterview Proce
Application Security Engineer
ShorePoint IncHerndonWho We AreShorePoint is a fast-growing, industry recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand expe
Senior Application Security Engineer
BrexSaint PaulWhy join us Brex is the AI-powered spend platform. We help companies spend with confidence with integrated corporate cards, banking, and global payments, plus intuitive software for travel and expense
Principal Application Security Engineer
iHerbSaint PaulAre you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands‑on Prin
Application Security Engineer
PaxosNew YorkAbout PaxosToday’s financial infrastructure is archaic, expensive, inefficient and risky — supporting a system that leaves out more people than it lets in. So we’re rebuilding it. We’re on a mission t
Senior Application Security Engineer
RevenueCatNew YorkRevenueCat removes the headaches of building and scaling in‑app subscriptions. Since graduating from YC’s S18 batch we’ve grown into the default monetization platform for mobile: we’re in >40% of newl
Cyber Application Security Engineer
Highbrow LLCNew YorkJob Title: Cyber Application Security Engineer Job Location: Omaha, NE, Berkeley Heights, NJ, Alpharetta, GA, Dallas, TX, Atlanta, GA, or Frisco, TX (100% Onsite)# Positions: 1Employment Type: W2Durat
Sr. Application Security Engineer
vClusterAustinAs aSr. Application Security Engineerat vCluster Labs, you are the architect of trust in our diverse ecosystem. In this role, you will be responsible for the end-to-end security of our product, ensuri
Sr. Application Security Engineer
vClusterSaint LouisSr. Application Security Engineer – vCluster Labs As a Sr. Application Security Engineer at vCluster Labs, you are the architect of trust in our diverse ecosystem. In this role, you will be responsibl
Remote Application Security Engineer - Scroll
Blockchain WorksNew York*Scroll has a remote-first work culture, our staff base is globally distributed and we are location agnostic. We make hiring decisions based on talent, culture fit and role suitability. If you have th
Application Engineer
Seeq CorporationSaint PaulGet AI-powered advice on this job and more exclusive features.This range is provided by Seeq Corporation. Your actual pay will be based on your skills and experience — talk with your recruiter to lear
Application Systems Engineer
Avolve Software GroupSaint PaulAbout Avolve Avolve is the global market leader in electronic plan review for local governments. We made the INC 5000 2025 list as one of the fastest‑growing private companies in the US, and our gover
Applications Engineer
AmcorSaint PaulAccelerate the possible by joining a winning Amcor team that’s transforming the packaging industry and improving lives around the world.At Amcor, we unpack possibility through our innovative and respo
Key Accounts Sales Application Engineer (MI)
MAPAL Dr. Kress KGSaint PaulMAPAL Inc. is the US subsidiary of the MAPAL Group. It employs more than 160 team members at two locations in the United States to ensure superior customer satisfaction. The Port Huron site, located 5
Application Specific Integrated Circuit Design Engineer
OnyxSaint PaulWe’re representing a venture-backed silicon photonics startup building high-performance PICs for next-generation AI infrastructure. They’re looking for an FPGA engineer to help prototype and validate
Lead Application Engineer - Ambulatory EpicCare (REMOTE)
TriHealthSaint PaulLead Application Engineer - Ambulatory EpicCare (REMOTE) Location: United StatesJob Description Under the general supervision and direction of the Manager of IT Applications (Community Connect), this
Applications Engineer (Analytics Solutions Focus)
Blueprint-TechnologiesSaint PaulApplications Engineer (Analytics Solutions Focus) RemoteWho is Blueprint?We are a technology solutions firm headquartered in Bellevue, Washington, with a strong presence across the United States. Unif
Lead Applications Developer
Sca-Health-Saint PaulOverview At SCA Health, we believe health care is about people – the patients we serve, the physicians we support and the teammates who push us forward. Behind every successful facility, procedure or
Software Applications Developer
Lawelawe Technology ServicesSaint PaulWho We Are At Lawelawe our mission is to deliver innovative solutions that empower organizations and enhance their operational efficiencies. We pride ourselves on fostering a collaborative environment
Director, Enterprise Applications (Oracle)
Verint Systems Inc.Saint PaulAt Verint, we believe customer engagement is the core of every global brand. Our mission is to help organizations elevate Customer Experience (CX) and increase workforce productivity by delivering CX
Senior Radiopharmaceuticals Applications Liaison
Bristol Myers SquibbSaint PaulBristol Myers Squibb is seeking a Radiopharmaceutical Applications Liaison to serve as a senior clinical and technical expert for radiopharmaceutical products across the United States. This pivotal ro
Application Security Engineer
- Saint Paul, Illinois, United States
- Saint Paul, Illinois, United States
Über
|
Employment Type: Full-Time**About the Role**We are looking for an Application Security Engineer to join our product engineering team. You will serve as the named security function for a team building internal tooling for a portfolio of managed service provider companies, with a roadmap toward a public-facing SaaS product. This role sits inside engineering and works closely with developers and information security day to day.The team you are joining is experienced and moves quickly. The right person for this role is comfortable operating as a peer to strong engineers, contributing practical security judgment and ensuring overall security of our solutions. As our product matures toward public availability, you will help ensure our security posture scales with it.You should be comfortable operating in an exploratory, innovation-oriented environment where not everything will become production software. Right-sizing your security posture to the actual risk is a core expectation of this role.**Key Responsibilities****Embedded Security Partnership**•
Serve as the primary security resource for engineering teams in direct close coordination with information security teams, advising on design decisions, authentication patterns, and API security as features are built rather than after the fact•
Conduct lightweight, developer-friendly threat modeling for new features and services, right-sized to the actual audience and risk profile (internal vs. public-facing)•
Lead collaboration between engineering and information security teams through architecture and code reviews with actionable, specific guidance that helps teams ship, not slow down•
Responsible for remediation and enforcement of security standards as set forth by the information security team•
Define and maintain a tiered security standard that distinguishes expectations for internal tooling vs. production SaaS vs. public-facing products•
Engage constructively with the enterprise security organization, translating between compliance and governance language and the engineering team's operational reality**Tooling & Automation**•
Responsible for adherence to GitHub Advanced Security (GHAS) configuration and security standards through ongoing tuning across code scanning, secret scanning, Dependabot, and security campaigns within GitHub Enterprise•
Integrate security tooling into CI/CD pipelines as policy-as-code feedback loops, not manual gates•
Develop and maintain GitHub Actions workflows with reusable, security-enforcing components•
Drive remediation velocity metrics and coverage reporting across engineering teams**Cloudflare & Azure Security**•
Collaborate with information security teams to assess and secure workloads across both Cloudflare and Azure, including Cloudflare Workers, Access policies, WAF, and Zero Trust for public-facing infrastructure, and Azure security controls (Managed Identities, Key Vault, Defender, IAM) for internal and opco-facing services•
Apply platform-appropriate security controls as our architecture spans both environments, calibrating to the risk profile of each workload•
Evaluate and harden authentication flows, API security patterns, and service-to-service trust boundaries across Cloudflare and Azure environments•
Contribute to container and cloud workload security as infrastructure patterns evolve**Development Contributions**•
Contribute to internal security tooling, automation, and integrations using Python and/or Go•
Build security utilities such as vulnerability aggregation pipelines, policy enforcement tooling, or developer-facing security dashboards•
Collaborate with information security and engineering teams on secure service design patterns, OAuth 2.0/OIDC flows, and API security controls**Compliance & Risk**•
Support SOC 2 readiness as the product matures toward public customers, mapping application security controls to Trust Services Criteria•
Triage and prioritize vulnerability findings based on actual business risk rather than CVSS scores alone, distinguishing real issues from noise in a SaaS-native environment•
Partner with GRC and the enterprise security organization on evidence collection and audit preparation, without allowing compliance prep to dominate engineering time**Required Qualifications**•
7+ years in application security, secure software development, or a closely related discipline•
Demonstrated ability to operate as an embedded security partner within engineering, working side by side with developers•
Deep, hands-on experience with GitHub Advanced Security or equivalent security tooling, including code scanning, secret scanning, Dependabot, and security policy enforcement within GitHub Enterprise•
Experience with threat modeling methodologies (STRIDE, PASTA, or similar) applied to real-world systems, with instinct for right-sizing the process to actual risk•
Proficiency in Python and/or Go, comfortable reading, writing, and reviewing production-grade code•
Strong command of OWASP Top 10, common vulnerability classes, and secure design principles•
Experience securing SaaS or product engineering workloads rather than enterprise IT or perimeter-focused environments•
Experience securing workloads on Cloudflare (WAF, Access, Zero Trust, Workers) and Microsoft Azure (IAM, Managed Identities, Key Vault, Defender), with demonstrated depth in one and working familiarity in the other•
Solid understanding of container security concepts with hands-on Docker experience•
Excellent communication skills, with the ability to translate complex security risk into developer-actionable guidance and executive-level business context•
Familiarity with SOC 2 Trust Services Criteria and how application security controls map to compliance requirements**Preferred Qualifications**•
Experience with DAST tooling (e.g., OWASP ZAP, Burp Suite Pro) integrated into automated pipelines•
Familiarity with infrastructure-as-code security scanning (Terraform or similar)•
Experience with API security standards including OAuth 2.0, OpenID Connect, and API gateway security patterns•
Relevant certifications such as CSSLP, GWEB, or OSCP•
AI/LLM security awareness, with a practical understanding of how AI-powered applications introduce unique security considerations including prompt injection, data exposure, and model supply chain risks•
Familiarity with MCP (Model Context Protocol) server architectures and the security implications of LLM-to-tool integrations•
Exposure to OWASP Top 10 for LLM Applications or similar emerging AI security frameworks**What Success Looks Like**In this role, success means developers ship more secure code faster, not slower. You earn trust by speaking the language of engineering, making the secure path the easy path, and knowing when to raise a flag versus when to let something ship. You apply proportionate security judgment across a spectrum from exploratory internal tooling to production SaaS, and you never mistake compliance theater for actual security.The ideal candidate brings the depth to identify serious security issues, the engineering credibility to help teams fix them at scale, and the pragmatism to distinguish real risk from noise in a SaaS-native, developer-first environment.**Who We are:**At New Charter, we’re building a caliber of business the IT industry hasn’t yet seen. We are serving small-to-medium sized #J-18808-Ljbffr
Sprachkenntnisse
- English
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klick auf „Jetzt Bewerben”, um deine Bewerbung direkt auf deren Website einzureichen.