Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tooling within CI/CD pipelines.
  • Partner with developers on new features and systems to identify security risks early in the SDLC.
  • Implement security best practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Serve as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and related compliance efforts.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience operating at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to drive security adoption without slowing delivery velocity.
  • Strong AWS security skills, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security concepts such as RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork abilities.

Benefits

  • Monthly company-wide Canary Days to recharge, including at least one extended weekend or day off each month.
  • Self Improvement Club with a budget for purchases that support personal monthly goals.
  • Professional development budget for cross-functional development conversations.
  • Travel reimbursement for visiting company offices in New York, San Francisco, or Dallas, plus a travel stipend.
  • Personal travel reimbursement in the form of a hotel credit when staying at hotels Canary works with.
