Own the application security program end to end, identifying risks, setting priorities, building strategy, aligning stakeholders, driving implementation across engineering teams, and measuring outcomes.
Conduct threat modeling and security design reviews early in the development process, embedding security thinking into architecture and feature design before code is written.
Partner with developers across all engineering teams to shift security left, coaching on secure coding practices, reviewing code for vulnerabilities, and building security awareness as a shared engineering capability rather than a specialized handoff.
Integrate security tooling and automated security checks into CI/CD pipelines, including static analysis, dependency scanning, and secrets detection, and tune them so that the findings they surface are actionable rather than noise.
Own vulnerability management across the platform, triaging findings from internal testing, external assessments, and tooling, prioritizing remediation based on risk, and driving resolution to completion.
Lead and coordinate penetration testing and security assessments, working with internal and external resources to scope, execute, and translate findings into engineering action.
Define and maintain secure development standards and patterns that engineering teams can adopt, covering areas such as authentication, authorization, API security, and data handling.
Bridge engineering and the external security team, translating security requirements into engineering priorities and engineering constraints into security strategy, ensuring both sides operate with shared context and mutual accountability.
Support compliance and regulatory requirements, including FedRAMP, NIST standards, and enterprise customer security obligations, working with the Compliance as Code team to ensure security controls are implemented and evidenced effectively.
Assess and address security risks introduced by AI features and integrations, including prompt injection, data exposure through AI interfaces, and risks from third-party models, working closely with the Platform and AI team to ensure AI capabilities are built and deployed securely.
Build visibility into the security posture of the platform through metrics, dashboards, and reporting that inform engineering leadership and support customer and auditor conversations.
Requirements
10 or more years of application security experience with a demonstrated track record of owning security programs and driving initiatives end to end across complex engineering organizations.
Deep expertise across the application security domain including threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices.
Proven ability to operate as a solo practitioner or small team lead, setting priorities independently, managing competing demands, and delivering outcomes without close supervision.
Strong experience influencing engineering teams without direct authority, building credibility through technical depth, clear communication, and practical solutions that fit the realities of product delivery.
Experience integrating security into CI/CD pipelines and modern software delivery practices, with a shift-left mindset that prioritizes prevention over detection.
Solid understanding of cloud security principles and how application security intersects with infrastructure security in a cloud-native environment.
Strong written and verbal communication skills, able to articulate security risk, strategy, and tradeoffs clearly to engineering teams, leadership, and stakeholders including customers and auditors.