ComplyAuto is a fast-growing RegTech SaaS company helping organizations strengthen compliance, security, and operational efficiency through cloud-based software. They are looking for a hands-on Software Security Engineer to help shape and scale their application security program, working closely with development teams to identify risks and embed security into the software development process.
Responsibilities:
- You'll lead day-to-day application security efforts across ComplyAuto's software environment, including secure code reviews, threat modeling, manual security assessments, penetration testing, and vulnerability remediation
- You'll work directly with developers to identify risks in JavaScript, TypeScript, React, Node.js, APIs, databases, and cloud-based SaaS applications, then provide clear, actionable guidance to fix issues at the source
- You'll also help mature and design ComplyAuto's application security program by developing security policies, documenting controls, implementing security testing tools, automating SAST and DAST capabilities within CI/CD pipelines, delivering secure coding training, and supporting incident response for application-related events
Requirements:
- 5–7+ years of experience in application security, software development, or a related security engineering role
- Strong hands-on experience reviewing code and identifying vulnerabilities that automated tools may miss
- Comfortable working in TypeScript, JavaScript, or Python
- Familiar with modern development environments such as React and Node.js
- Experience securing APIs, relational databases, SaaS applications, and cloud infrastructure across AWS, Azure, or GCP
- Experience configuring and managing SAST and DAST tools such as Snyk, Checkmarx, Veracode, Synopsys, StackHawk, Qualys, or Burp Suite
- Strong communication skills to translate complex technical risks into practical recommendations for both technical and non-technical stakeholders
- Familiarity with secure coding standards, web application architecture, security and compliance frameworks such as NIST CSF, CIS, SOC 2, and PCI-DSS
- Familiarity with regulatory requirements such as CCPA and GLBA
- Authorized to work in the United States and provide proof of work authorization within three days of hire
- Residing in the Continental United States