This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Sr. Security Engineer based in United States.
This role offers the opportunity to strengthen security practices across a rapidly growing technology platform.
You will lead application security initiatives, helping teams build secure products through proactive testing, automation, and collaboration.
The position combines offensive security expertise, secure development practices, and strategic problem-solving to protect critical systems.
You will partner closely with engineering and product teams to embed security throughout the software development lifecycle.
This is an impactful individual contributor role where you will influence security standards, tooling, and processes at scale.
The ideal candidate will be passionate about innovation, automation, and using modern approaches to solve complex security challenges.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Sr. Security Engineer based in United States.
This role offers the opportunity to strengthen security practices across a rapidly growing technology platform.
You will lead application security initiatives, helping teams build secure products through proactive testing, automation, and collaboration.
The position combines offensive security expertise, secure development practices, and strategic problem-solving to protect critical systems.
You will partner closely with engineering and product teams to embed security throughout the software development lifecycle.
This is an impactful individual contributor role where you will influence security standards, tooling, and processes at scale.
The ideal candidate will be passionate about innovation, automation, and using modern approaches to solve complex security challenges.
Accountabilities:
- Lead application security assessments, threat modeling sessions, and secure code reviews for new features and major product changes.
- Manage and improve security testing programs, including SAST, DAST, SCA, and application security posture management tooling.
- Review, prioritize, and coordinate remediation of security findings with engineering teams.
- Plan and execute penetration testing activities across web applications, APIs, and mobile applications while supporting third-party assessments.
- Own the vulnerability management lifecycle, from discovery and prioritization through remediation validation.
- Develop secure coding standards, security guidelines, and training resources to improve developer awareness.
- Integrate security tools into CI/CD pipelines and promote shift-left security practices across the software development lifecycle.
- Investigate security incidents, vulnerability reports, and bug bounty submissions while providing root cause analysis and remediation recommendations.
- Collaborate with product and engineering teams on security architecture decisions and secure implementation strategies.
- Monitor emerging threats, vulnerabilities, and attack techniques to continuously improve security capabilities.
- Leverage AI tools and automation approaches to improve security workflows, including threat modeling, vulnerability analysis, exploit validation, and risk prioritization.
- 5+ years of experience in application security with hands-on experience across secure software development lifecycle practices and offensive security testing.
- Strong understanding of web application and API security principles, including OWASP, MITRE, CIS frameworks, and modern attack techniques.
- Experience operating and managing security testing tools such as SAST, DAST, SCA, or ASPM platforms.
- Proficiency in scripting or programming languages such as Python, JavaScript, Go, Ruby, or similar for code reviews and security tooling development.
- Experience designing and executing penetration tests against modern web and mobile applications.
- Knowledge of cloud security concepts, preferably with AWS experience, along with familiarity with GCP, OVH, containers, and Kubernetes security.
- Experience working in compliance-focused environments such as SOC 2 or similar regulated frameworks.
- Strong written and verbal communication skills with the ability to explain technical risks to non-technical stakeholders.
- Ability to work independently, prioritize effectively, and collaborate with distributed engineering teams.
- Experience using AI tools to improve security operations, automate analysis, and enhance productivity is highly valued.
- Relevant certifications such as OSCP, GWAPT, GPEN, CEH, or equivalent are a plus.
- Comprehensive medical, dental, and vision insurance plans with employer coverage starting on day one.
- 401(k) retirement plan with employer matching.
- Paid time off including holidays, vacation days, sick days, and floating holidays.
- Employer-paid basic life insurance and accidental death & dismemberment coverage.
- Short-term and long-term disability coverage.
- Paid family leave.
- Employee Assistance Program.
- Quarterly self-care stipends.
- Access to additional benefits including FSA, HSA, dependent care benefits, commuter benefits, supplemental insurance options, legal support, and more.
- Remote-first work environment with flexibility and opportunities to collaborate with a distributed team.
- Opportunity to shape security strategy and influence engineering practices as a senior security contributor.
The Sr. Security Engineer will play a key role in advancing application security by identifying risks, improving security practices, and enabling engineering teams to deliver secure solutions. This role requires hands-on expertise across security testing, vulnerability management, secure development, and security automation.
Requirements:
The ideal candidate will bring strong application security experience combined with offensive security skills and the ability to communicate effectively across technical and business teams. This role requires someone who can independently solve complex security challenges while helping teams adopt secure engineering practices.