Lumin DigitalRemote
Application Security Engineer
United States
Full Time
2 weeks ago
$120,000 - $140,000 USD
No H1B
Key skills
AWSCyber SecurityJavaJavaScriptSDLCSwiftTypeScriptC#COAuthJWTSAMLGitSaaSRisk ManagementCommunicationOWASP
About this role
Role Overview
- Ensure robust security practices within a highly regulated SaaS environment.
- Collaborate closely with Product and Development teams embedding security throughout the Software Development Life Cycle (SDLC).
- Manage automated vulnerability scanning tools and coordinate penetration tests.
- Advise on secure architecture and support compliance, risk management, and incident response initiatives.
- Monitor and analyze security alerts and vulnerability reports.
- Maintain and optimize automated vulnerability scanning systems (SAST/DAST).
- Own the design, implementation, and evolution of ASPM capabilities.
- Coordinate and manage third-party penetration tests and bug bounty programs.
- Collaborate cross-functionally for architectural and code reviews.
- Develop and maintain application threat models.
Requirements
- Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field is required, or equivalent combination of education and experience
- 4 years of experience in application security engineering, software engineering, with security focused roles
- 3 years of hands-on experience identifying and qualifying application security vulnerabilities, preferably within web, financial services, or mobile application environments required.
- Experience with AWS, Git, and industry-standard application vulnerability platforms required.
- Proficiency analyzing application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) to identify security vulnerabilities.
- Strong technical knowledge of security vulnerabilities and standards (OWASP Top 10, CWE, CVSS scoring).
- Deep familiarity with authentication and authorization protocols (e.g., SAML, OAuth 2.0, JWT).
- Applied knowledge of cryptographic practices, including encryption standards, hashing algorithms, and authentication lifecycle management.
- Excellent analytical, communication, and coordination skills, with the ability to effectively manage and communicate security remediation tasks.
- Ability to maintain productivity and professionalism in remote or distributed team environments.
- Demonstrated passion for continuous security learning and staying updated on industry threats and trends.
Tech Stack
- AWS
- Cyber Security
- Java
- JavaScript
- SDLC
- Swift
- TypeScript