Canary Technologies is transforming the hospitality industry with its innovative AI-powered software solutions. The company is looking for a Senior Application Security Engineer to embed security into the software development lifecycle, manage application security tooling, and collaborate with engineering teams to ensure secure and scalable platforms.
Responsibilities:
- Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
- Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
- Partner with developers on new features and systems to identify risks early in the lifecycle
- Implement best practices for secrets handling, API authentication/authorization, and data protection
- Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
- Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
- Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
- Implement monitoring, alerting, and remediation for security incidents across our platform
- Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
- Design and maintain least-privilege IAM roles, secrets management, and authentication flows
- Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and other frameworks
Requirements:
- 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
- Excellent communication and teamwork abilities
- Strong experience integrating security into modern SDLC pipelines
- Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
- Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
- Familiarity with AWS/Kubernetes security
- Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
- Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity
- Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
- Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
- Hands-on with Terraform, Helm, and GitOps practices
- Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
- Knowledge of networking, encryption, and cloud-native security best practices