Resumen del rol

Senior Application Security Engineer

Requisitos y responsabilidades

Contenido del rol extraído en secciones para revisar más rápido.

Security Strategy & Leadership

  • Define and execute security strategy for product teams, aligning with business objectives.
  • Lead threat modeling, security architecture reviews, and design guidance for diverse software projects.
  • Mentor engineers technically and professionally, fostering a culture of security excellence.

Advanced Technical Execution

  • Conduct adversarial security analysis using automated tools and manual techniques (e.g., custom exploit development).

Advanced Technical Execution

  • Perform manual/automated secure code reviews across Java, Python, JavaScript, and cloud-native stacks.
  • Develop security automation tools to scale vulnerability detection (SAST/DAST/IAST enhancements).

Risk Mitigation & Innovation

  • Identify complex risks through offensive security research; advocate for cutting-edge mitigation technologies.
  • Solve novel security problems lacking predefined solutions (e.g., zero-day vulnerabilities, emergent attack vectors).
  • Maintain and evolve threat models for critical applications and microservices architectures.

Collaboration & Enablement

  • Partner with the engineering team to embed security controls into CI/CD pipelines and development practices.
  • Design/deliver security training programs tailored to development teams and business stakeholders.
  • Lead incident response for application security events and drive root-cause analysis.

Qualifications Required

  • 5+ years in application security, including 2+ years in a senior/lead role.
  • Expertise in threat modeling (e.g., STRIDE, PASTA), penetration testing, and secure SDLC implementation.Proficiency in code review for Java/Python/JavaScript and cloud platforms (AWS/Azure/GCP).
  • Hands-on experience building security tools (e.g., scanners, CI plugins) with Python/Go.
  • Proven track record in security architecture design and risk-based decision-making.

Preferred

  • OSCP, OSCE, GXPN, or similar offensive security certifications.
  • Contributions to security tooling/open-source projects.
  • Experience with container security (Kubernetes, Docker), serverless, or infrastructure-as-code.

Skills

  • Leadership: Ability to define team strategy, mentor engineers, and influence stakeholders.
  • Innovation: Aptitude for researching/implementing novel solutions to ambiguous security challenges.
  • Technical Depth: Mastery of application security frameworks (OWASP, NIST) and exploit techniques.
  • Communication: Translate technical risks to business impact for executives and engineers alike.
  • Execution: Drive implementation of security controls

What we can offer you

  • Culture -We put our people first and prioritize the well-being of every team member. We’ve built a company where all opinions carry weight and where all voices are heard. We value and respect each other and always look out for one another. Above all, we are human.
  • Learning - We have a learning and development-focused environment with an emphasis on knowledge sharing, training, and regular internal technical talks.
  • Compensation - You’ll receive an attractive salary, pension, health insurance,, Employee Stock Options, annual bonus, plus other benefits.

What to expect in the hiring process

  • Preliminary phone call with the recruiter
  • Take home assessment
  • Technical interview with a Lead in our Engineering Team
  • Behavioural and technical interview with a member of the Executive team.
Roles similares

Mantén una lista de respaldo.

Ver stack
FocoApplication SecurityÁrea del rol
Señal de senioritySeniorNivel del candidato
StackAWS, Azure, CI/CDSkills principales
Ubicación1 país aceptadoElegibilidad

Stack

Usa estas tags para comparar roles remotos similares.

Elegibilidad de ubicación

Candidatos deberían aplicar solo cuando el país del perfil aparece aquí.

Tu perfilPaís no definidoInicia sesión para comparar tu país con este rol.

Flujo de contratación

WithMira muestra el rol y luego envía candidatos a la aplicación de la empresa.

1Revisa fit del rol, stack y elegibilidad de ubicación en WithMira.
2Abre la página de aplicación de la empresa desde el link rastreado.
3Guarda el rol o suscríbete a oportunidades similares antes de salir.