One
Application Security Engineer
Our Application Security Engineers play a pivotal role in safeguarding our platform, driving everything from designing secure AWS architectures to embedding automated threat detection that protects customer transactions. Your work will ensure we meet rigorous compliance standards (PCI, CCPA, GLBA) and maintain the highest levels of trust and reliability for our users.

Responsibilities include:
- Architect and implement secure AWS configurations (IAM roles/policies, encryption keys, VPC segmentation)
- Embed security into CI/CD pipelines and repos using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations)
- Secure container and orchestration environments (EKS, Kubernetes, Docker) per best practices
- Conduct threat modeling sessions and risk-driven design reviews early in development
- Perform secure code reviews and static/dynamic analysis; oversee remediation with dev teams
- Automate repetitive security tasks: vulnerability triage, code scanning, tool orchestration
- Build and extend in-house AppSec automation frameworks or pentest tooling
- Partner with security architecture and detection teams (SIEM tuning, logging, telemetry alignment)
- Develop and enforce AppSec standards and patterns across product teams; iterate through feedback loops
- Support regulatory or compliance assessments (PCI, CCPA, GLBA) as needed

You Bring:
- 8-12 years' experience in application security engineering, DevSecOps, or security platform engineering
- Deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomy
- Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
- Hands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code tooling
- Container security experience: Docker, Kubernetes, EKS-related threat surfaces
- Solid threat modeling and secure code review skills; SAST/SCA tool proficiency
- Experience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasks
- Capability to lead in-house AppSec frameworks or tooling development
- Strong communicator, able to translate technical findings to non-technical stakeholders
- Track record of defining and institutionalizing security architecture patterns