ComplyAuto is a RegTech company offering cloud-based software that helps companies enhance their compliance and security capabilities. The Senior Application Security Engineer will play a critical role in ensuring the confidentiality, integrity, and availability of ComplyAuto applications and systems, working closely with cross-functional teams to implement security measures that protect infrastructure and customer data.
Responsibilities:
- Develop and maintain software application security policies and procedures
- Conduct secure code reviews, threat modeling, and manual security assessments to identify potential risks, vulnerabilities and exploits in ComplyAuto applications
- Collaborate and provide actionable technical guidance to the software development team on remediating application security vulnerabilities and exploits
- Promote secure coding best practices based on recognized standards
- Develop and maintain documentation of application security controls
- Implement software application security controls
- Design and deliver periodic secure code training
- Design technical solutions to address security weaknesses
- Participate in incident response for application-related events, including lessons learned and design of test scenarios
- Manage application security testing tools and platforms
- Integrate and automate security testing as part of the CI/CD pipeline
Requirements:
- Bachelor's degree in Computer Science, Software Engineering, or a related field; 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security; or any combination of education, experience, and training that provides the following knowledge, skills, and abilities:
- Bachelor's degree in Computer Science, or a related field; or equivalent work experience
- 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security
- Proficient in securing applications built with React, TypeScript, and Node.js, with a strong understanding of relational database security
- Knowledge of securing APIs
- Experience configuring and managing both SAST (e.g. Synopsys, Snyk, Checkmarx, Veracode) and DAST (e.g. StackHawk, Qualys, Burp Suite) tools
- Experience with Cloud Infrastructure (AWS, Azure, GCP) and securing SaaS applications
- Excellent communication skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders
- Strong problem-solving and analytical skills
- Knowledge of secure coding techniques
- Familiarity with industry-accepted security and compliance frameworks (e.g. NIST CSF, CIS, SOC 2, PCI DSS)
- Familiarity with regulatory requirements (e.g. CCPA, GLBA)
- General knowledge of governance, risk, and compliance
- Experience as a Security Engineer with a focus in Application Security
- Ability to work in a fast-paced, high-growth startup environment, with the ability to handle additional security-related responsibilities as we continue to grow
- Proficient with security tools and technologies
- Understanding of web application architecture
- Familiarity with performing threat modeling
- Security certifications are a plus