Sr. Application Security Engineer
TrueAccord
Benefits & Perks
- Everything you need to work remotely
- Unlimited PTO
- Medical/dental/vision insurance
- 401k through Charles Schwab
- Flexible Spending Account, Limited FSA, and Health Savings Account, with an eligible health care package.
- Company-paid short-term and long-term disability plus basic life insurance.
- Family-friendly maternity and paternity leave
- Employee assistance program (EAP) via Claremont. Get free short-term counseling for mental health, free + discounted legal consultations, free financial consultations, access to work/life consultants, and more!
- PerkSpot discount program. PerkSpot offers exclusive discounts to 900+ merchants nationwide, and has exclusive discounts up to 60% on hotels worldwide.
- Paid time off to do volunteer work in your community.
- Access to the Wellness Coach app for you and 5 family members
Key Responsibilities:
- Security Integration: Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC).
- Vulnerability Management: Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environments.
- AWS Security: Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoring.
- DevOps Security: Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) security.
- Threat Modeling: Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategies.
- Incident Response: Assist in developing and executing incident response plans, including identifying and responding to security incidents.
- Compliance & Best Practices: Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP, NIST, ISO 27001).
- Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practices.
- Continuous Improvement: Continuously monitor, evaluate, and improve security practices, tools, and processes.
Qualifications
- Education:
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent experience.
- 8+ years of experience in application security or a related role.
- Strong experience with AWS security services and best practices.
- Experience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaC.
- Technical Skills:
- Proficiency in at least one programming language (e.g., Python, Go).
- Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practices.
- Familiarity with security tools and technologies such as SAST, DAST, SIEM, and WAFs.
- Soft Skills:
- Excellent verbal and written communication skills.
- Strong problem-solving skills and attention to detail.
- Ability to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholders.
- Preferred Qualifications:
- AWS Certified Security – Specialty or similar certification.
- Experience with container security (e.g., Docker, Kubernetes).
- Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT).
- Knowledge of secure coding frameworks and libraries.