Staff Application Security Engineer

We are seeking a highly skilled and experienced individual to join our Security & Privacy team at SPAN as a Staff Application Security Engineer. Responsibilities Lead and execute application security assessments, including static application security testing (SAST), dynamic application security testing (DAST), code reviews, penetration testing, and security architecture reviews. Collaborate closely with development teams to integrate security best practices into the software development lifecycle (SDLC). Perform threat modeling on existing and upcoming feature sets in SPAN applications to ensure appropriate security controls are built from the ground up. Develop and enforce a robust Identity and Access Management posture. Design, implement, and maintain application security controls and solutions, leveraging hands‑on coding experience. Automate application security controls using scripting to minimize human interaction and increase efficiency. Own the vulnerability assessment and patch triage process to support ongoing vulnerability and patch management at SPAN and provide recommendations for identified vulnerabilities. Ensure compliance with regulatory requirements and industry standards, including risk assessments and risk mitigation strategies for application security. Ensure that our production platform in AWS is hardened as per industry standards, such as CIS benchmarks. Deploy and manage Security Incident and Event Management (SIEM) solutions at SPAN. Participate in the evaluation, selection, and deployment of cutting‑edge security tools and technologies. Stay current with the latest application security threats, vulnerabilities, and best practices, and continuously evaluate and improve application security processes and technologies. Qualifications Bachelor’s Degree in Computer Science, Information Assurance, Cyber Security, or a related field of study. 7+ years of experience in a security engineering or operations role, with a focus on application security. Hands‑on experience with one or more security tools such as Burp Suite, SonarQube, OWASP ZAP, and Checkmarx. Strong knowledge of applied cryptography, TLS/SSL, web authentication protocols such as OAuth and SAML. Deep understanding of web application vulnerabilities and defenses. Proficient in scripting languages such as Python, Perl, PHP, or Ruby for task automation and data manipulation. Experience in developing threat models (e.g., STRIDE, DREAD). Hands‑on experience with AWS security best practices. Experience with vulnerability scanning tools like Qualys and Nessus. Experience with SIEM tools like Splunk and Sumo Logic. Certifications such as CISSP, CSSLP, or other relevant industry certifications are a plus. Benefits Competitive compensation and equity grants. Comprehensive benefits: 100% employee premiums for base plans on medical, dental, vision with options for additional coverage; parental leave up to six months depending on eligibility. Comfortable office space located near BART and Caltrain public transit. Strong focus on team building and company culture: Employee Resource Groups, monthly social events, recognition breakfasts, lunch and learns. Flexible hours, one holiday per month, and unlimited paid time off. Salary range: The U.S. base salary range for this position is $160,000 - $215,000, based on location and qualifications. #J-18808-Ljbffr I did my part and supported the Regular Toilet