Key skills
Application SecuritySecure Coding PracticesOWASP Top 10Privacy-by-Design PrinciplesSoftware Development Lifecycle (SDLC)CI/CD PipelinesStatic Application Security Testing (SAST)Dynamic Application Security Testing (DAST)Software Composition Analysis (SCA)Security Design ReviewsSecurity ArchitectureSecurity Controls for AI/ML SystemsSecurity Tooling e.g.Security Tooling SnykSecurity Tooling VeracodeCloud EnvironmentsInfrastructure-as-Code (IaC)KubernetesRegulatory Compliance SOC 2Regulatory Compliance ISO 27001Regulatory Compliance HIPAARegulatory Compliance GDPRAIMLSDLCCI/CDLeadershipCommunicationSnykOWASP
About this role
Tango is a company focused on helping businesses make smarter decisions through technology and data. They are hiring a Senior Application Security Engineer to integrate security into the software development lifecycle, conduct security assessments, and mentor teams on secure coding practices.
Responsibilities:
- Integrate security into the software development lifecycle (SDLC) and CI/CD pipelines
- Conduct code and dependency scanning using tools like SAST, DAST, and SCA
- Perform security design reviews and architecture consultations
- Define and implement security controls for AI-powered product features
- Enable developers through secure coding guidance, training, and tooling
- Mentor security champions across engineering teams to scale security expertise
- Collaborate with other security engineers on threat detection and incident response
- Support vulnerability triage and remediation across applications
- Partner with Engineering and Product teams to embed secure-by-design practices
- Perform post-incident reviews and drive remediation of root causes
- Lead product security assessments and coordinate remediation efforts
- Contribute to the development of secure architecture patterns, standards and privacy-by-design guidelines
- Help shape the future of application security as we scale and innovate
- Ensure application security meets regulatory and customer compliance requirements (SOC 2, ISO 27001, HIPAA, GDPR, etc.)
- Partner with Legal, Privacy, and Compliance teams to implement secure data handling and data protection practices
- Define and track metrics (KPIs) to measure the effectiveness of the application security program, such as vulnerability remediation times and developer training coverage
- Report application security posture, risks, and trends to leadership
Requirements:
- Applicants must be authorized to work in the U.S. for any employer
- We cannot sponsor employment-based visas at this time
- There is an in-person interview as part of this hiring process
- You must be a permanent resident of the US and able to meet in person to be eligible for hire
- 5+ years of experience in application security or software engineering with a security focus
- Strong understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10) and privacy-by-design principles
- Hands-on experience with modern development frameworks and security tools (e.g., Snyk, Veracode)
- Excellent communication skills and the ability to work cross-functionally with Engineering, Product, and DevOps
- Passion for enabling secure innovation and solving complex security challenges
- Familiarity with AI/ML systems and their unique security considerations is a plus
- Experience with cloud environments, Infrastructure-as-Code (IaC), and Kubernetes is highly desired