Canary

Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines such as GitHub Actions.
  • Partner with developers on new features and systems to identify security risks early in the lifecycle.
  • Implement secure practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Act as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for compliance frameworks such as SOC 2 and ISO 27001.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tools such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to improve security adoption without slowing delivery.
  • Strong AWS security knowledge, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security, including RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork skills.

Benefits

  • Fully remote engineering team.
  • Company-wide Canary Days each month for recharge and extended time off.
  • Self Improvement Club with a monthly budget for personal goal-related purchases.
  • Professional Development Chats with budget for cross-functional development conversations.
  • Travel reimbursement and a stipend for visiting offices in New York, San Francisco, or Dallas.
  • Personal travel reimbursement credit when staying at a hotel Canary works with.
  • Equal opportunity employer commitment to fair employment and advancement regardless of protected characteristics.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Senior Application Security Engineer

ClearCapital.com, 1-10 Real Estate

Clear Capital is hiring a Senior Application Security Engineer to secure application services and related dependencies across the software lifecycle, with a strong focus on risk mitigation, secure development, and AI and third-party software security.

AWS C++ Java JavaScript Penetration Testing PHP PowerShell Python Ruby
14 hours, 55 minutes ago

Senior Mobile Security Engineer (Android/iOS)

Coforge 10K-50K IT Services

A mobile security engineer role focused on hardening Android and iOS applications, building reusable protection components, and validating defenses against real-world attacks.

Android iOS Java Kotlin Objective-C Penetration Testing Swift TLS
1 day, 14 hours ago

Lead Application Security Engineer

Coforge 10K-50K IT Services

Application Security role at a banking organization focused on securing new financial features, automating security checks, and guiding development teams on secure design and coding practices.

GitHub Actions GitLab CI Go Java Jenkins Kotlin Microservices Node.js SonarQube Swift
1 day, 14 hours ago

Product Security Engineer

Action1 11-50 Internet Software & Services

Action1 is hiring a Product Security Engineer to secure its multi-tenant SaaS platform by working with engineering, product, and security teams to identify risks early and strengthen product security practices.

AWS C++ Cybersecurity DevSecOps JavaScript Network Security Penetration Testing
3 days, 14 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers