Key skills
Application securityProduct securitySecurity-focused software engineeringSecure coding practicesNIST 800-218 (SSDF)OWASP Top 10Threat modelingSTRIDEDREADAPIsAuthenticationSession managementData protectionMicroservicesJiraAI-assisted application security testingSASTSCADASTCloud-native SaaS platformsSecure SDLC frameworksSecurity automationVulnerability triage and remediationSecurity testingSecurity Champions programPragmatismAIGitHubSaaSSDLCCI/CDOWASP
About this role
Limble is a company specializing in a modern SaaS computerized maintenance management platform, and they are seeking a Senior Application Security Engineer to lead their application security program. The role involves collaborating with engineering and product teams to integrate secure practices into the software development lifecycle and drive risk reduction efforts.
Responsibilities:
- You own the application security program at Limble. You set the direction, build the relationships, and own the outcomes (strategy and roadmap)
- Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
- Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
- Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
- Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz
- Define the strategy for security testing across SAST, SCA, DAST, and SBOM. This includes selecting tools, guiding implementation with engineering, and ensuring signal quality over coverage theater
- Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
- Support secure architecture for web applications and APIs
- Drive secure coding enablement through:
- OWASP training
- Secure coding best practices
- Targeted coaching based on real issues found in the codebase
- Partner with and help scale the Security Champions program to coordinate security improvements and incident response
- Track and communicate application security program progress using clear metrics and reporting
- Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking
- Assess current application security posture, secure SDLC integration, and highest-risk areas
- Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
- Improve CI/CD security coverage while reducing noise and improving signal quality
- Establish repeatable processes for:
- Threat modeling
- Secure design reviews
- Vulnerability triage and remediation workflows
- Build strong, trusted relationships with product and engineering teams and Security Champions
- Define and begin tracking key application security KPIs and program metrics
Requirements:
- 5–8+ years in application security, product security, or security-focused software engineering
- Comfortable reading and writing code. You can review a PR and find the bug, not just run a scanner on it
- Strong depth in web and API security, including modern auth patterns and attack techniques
- Experience securing cloud-native SaaS platforms and microservices architectures
- Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
- Proven ability to influence engineering teams through trust, clarity, and practical solutions