Brooksource is seeking an experienced Application Security Engineer to embed Secure-by-Design and Privacy-by-Design principles directly into the software development lifecycle. This role focuses on building scalable, developer-native security guardrails that proactively prevent insecure or non-compliant code from being introduced into production.
Responsibilities:
- Design, implement, and maintain automated security controls within CI/CD pipelines using GitHub Actions
- Develop deterministic policy-as-code gates for SAST, SCA, API validation, and schema enforcement
- Ensure insecure code cannot be merged through fully automated, non-discretionary controls
- Implement source-level detection for sensitive data (PHI, PII, secrets) using regex and machine learning classifiers
- Build CI/CD controls that prevent sensitive data from entering source control, logs, or build artifacts
- Continuously improve detection accuracy and reduce false positives
- Define and enforce Layer 7 security standards, including TLS 1.3, HSTS, OAuth/OIDC, and JWT lifecycle policies
- Automate OpenAPI specification linting to prevent overexposure of endpoints and data leakage
- Standardize authentication and authorization patterns across all services
- Build and maintain reusable libraries for encryption, tokenization, and data redaction
- Ensure secure data handling practices are adopted by default across all product teams
- Partner with engineering teams to integrate privacy-preserving patterns seamlessly
- Generate a Software Bill of Materials (SBOM) for every build
- Implement artifact signing and attestation processes
- Enforce provenance verification at deployment through automated pipeline policies
Requirements:
- 5+ years of experience in Application Security or Software Engineering with a focus on data security
- Hands-on experience with GitHub Actions and CI/CD security automation
- Strong knowledge of secret detection, DLP tools, and API security best practices
- Experience implementing OAuth/OIDC-based authentication systems
- Proficiency in at least one programming language such as Python, Go, or TypeScript
- Strong understanding of secure development practices and developer workflows
- Experience with policy-as-code frameworks (e.g., OPA, Rego)
- Familiarity with cloud-native security architectures (AWS, Azure, or GCP)
- Experience building internal developer platforms or security tooling
- Knowledge of compliance frameworks (HIPAA, GDPR, SOC 2)