Senior Application Security Engineer

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Application Security Engineer based in United States.

You will join a fast-growing, remote-first engineering organization building modern hospitality software used at global scale by thousands of hotels and major international brands. In this role, you will embed security directly into the software development lifecycle, ensuring that secure design is a default across all engineering teams. You will shape application security strategy, tooling, and automation while working closely with developers, SREs, and infrastructure engineers. The role combines hands-on technical security work with strategic influence over engineering practices. You will help identify risks early, reduce vulnerabilities, and improve developer velocity through secure-by-design systems. This is a high-impact position where your work directly strengthens platform trust, scalability, and resilience.

• Define and enforce application security best practices across the SDLC, including secure coding standards, architecture reviews, and dependency management.
• Integrate and manage AppSec tools (SAST, DAST, SCA) within CI/CD pipelines such as GitHub Actions, ensuring continuous security coverage.
• Partner closely with engineering teams to identify and mitigate security risks early in product design and development phases.
• Implement and improve security controls around authentication, authorization, secrets management, and data protection.
• Triage vulnerabilities from automated scans, bug bounty programs, and penetration tests, ensuring timely remediation and risk prioritization.
• Build security enablement resources including guidelines, training, and reusable libraries to help developers ship secure code faster.
• Support cloud and infrastructure security efforts, including container, dependency, and IaC vulnerability remediation.
• Contribute to security monitoring, incident response, and compliance automation for standards such as SOC 2 and ISO 27001.

Requirements:

• 6+ years of experience in application security, DevSecOps, or security engineering roles at scale.
• Strong understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
• Hands-on experience integrating security into modern SDLC pipelines and CI/CD workflows.
• Proficiency with AppSec tools such as Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, or similar platforms.
• Strong cloud security knowledge, particularly in Amazon Web Services environments, including IAM, KMS, WAF, Security Hub, and GuardDuty.
• Experience with container and Kubernetes security, including RBAC, network policies, and policy enforcement tools.
• Strong programming ability in Python, Go, or JavaScript to build security tooling and contribute to developer workflows.
• Familiarity with Terraform, Helm, GitOps, and cloud-native security practices.
• Excellent collaboration and communication skills, with a proven ability to drive security adoption without slowing engineering velocity.

Benefits:

• Fully remote-friendly work environment with flexibility across locations
• Competitive compensation aligned with experience and market benchmarks
• Company-wide monthly rest days (“recharge days”) to support work-life balance
• Professional development budget for learning, growth, and cross-functional collaboration
• Travel reimbursements for visits to company hubs (e.g., New York, San Francisco, Dallas)
• Hotel stay credits when using partner properties
• Strong culture of autonomy, innovation, and continuous improvement
• Inclusive, diverse, and equal opportunity workplace culture