Senior Application Security Engineer [Remote]

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Senior Application Security Engineer based in United States.

You will join a fast-growing, remote-first engineering organization building modern hospitality software used at global scale by thousands of hotels and major international brands. In this role, you will embed security directly into the software development lifecycle, ensuring that secure design is a default across all engineering teams. You will shape application security strategy, tooling, and automation while working closely with developers, SREs, and infrastructure engineers. The role combines hands-on technical security work with strategic influence over engineering practices. You will help identify risks early, reduce vulnerabilities, and improve developer velocity through secure-by-design systems. This is a high-impact position where your work directly strengthens platform trust, scalability, and resilience.

Accountabilities:

• Define and enforce application security best practices across the SDLC, including secure coding standards, architecture reviews, and dependency management.
• Integrate and manage AppSec tools (SAST, DAST, SCA) within CI/CD pipelines such as GitHub Actions, ensuring continuous security coverage.
• Partner closely with engineering teams to identify and mitigate security risks early in product design and development phases.
• Implement and improve security controls around authentication, authorization, secrets management, and data protection.
• Triage vulnerabilities from automated scans, bug bounty programs, and penetration tests, ensuring timely remediation and risk prioritization.
• Build security enablement resources including guidelines, training, and reusable libraries to help developers ship secure code faster.
• Support cloud and infrastructure security efforts, including container, dependency, and IaC vulnerability remediation.
• Contribute to security monitoring, incident response, and compliance automation for standards such as SOC 2 and ISO 27001.

Requirements:

• 6+ years of experience in application security, DevSecOps, or security engineering roles at scale.
• Strong understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
• Hands-on experience integrating security into modern SDLC pipelines and CI/CD workflows.
• Proficiency with AppSec tools such as Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, or similar platforms.
• Strong cloud security knowledge, particularly in Amazon Web Services environments, including IAM, KMS, WAF, Security Hub, and GuardDuty.
• Experience with container and Kubernetes security, including RBAC, network policies, and policy enforcement tools.
• Strong programming ability in Python, Go, or JavaScript to build security tooling and contribute to developer workflows.
• Familiarity with Terraform, Helm, GitOps, and cloud-native security practices.
• Excellent collaboration and communication skills, with a proven ability to drive security adoption without slowing engineering velocity.

Benefits:

• Fully remote-friendly work environment with flexibility across locations
• Competitive compensation aligned with experience and market benchmarks
• Company-wide monthly rest days (“recharge days”) to support work-life balance
• Professional development budget for learning, growth, and cross-functional collaboration
• Travel reimbursements for visits to company hubs (e.g., New York, San Francisco, Dallas)
• Hotel stay credits when using partner properties
• Strong culture of autonomy, innovation, and continuous improvement
• Inclusive, diverse, and equal opportunity workplace culture

How Jobgether works:

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.