RemoteLeaf Logo
Log in Sign up

Senior Application Security Engineer

1 month, 1 week ago
United States
Full-time
Senior
Application Security Engineer
Cybersecurity
AWS Burp Suite CI/CD Encryption GitHub Actions GitOps Go Helm JavaScript Kubernetes Penetration Testing Python Secrets Management SonarQube Terraform WAF
Apply Now
Canary

Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised
View All Jobs 21

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tooling within CI/CD pipelines.
  • Partner with developers on new features and systems to identify security risks early in the SDLC.
  • Implement security best practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Serve as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and related compliance efforts.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience operating at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to drive security adoption without slowing delivery velocity.
  • Strong AWS security skills, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security concepts such as RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork abilities.

Benefits

  • Monthly company-wide Canary Days to recharge, including at least one extended weekend or day off each month.
  • Self Improvement Club with a budget for purchases that support personal monthly goals.
  • Professional development budget for cross-functional development conversations.
  • Travel reimbursement for visiting company offices in New York, San Francisco, or Dallas, plus a travel stipend.
  • Personal travel reimbursement in the form of a hotel credit when staying at hotels Canary works with.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Smartsheet

Senior Security Engineer II, Application Security (Remote Eligible)

Smartsheet 1K-5K Internet Software & Services

Smartsheet is hiring a Senior Security Engineer II to strengthen application security for its global SaaS platform by securing AI-integrated features, expanding security automation, and leading high-impact security reviews.

United States Full-time Senior Application Security Engineer
$175k-$245k
AWS Azure CI/CD GCP GitLab Go Java JavaScript LLM Penetration Testing Python Ruby TypeScript
52 minutes ago
e.l.f. Beauty

Senior Application Security Engineer

e.l.f. Beauty 251-1K Consumer Goods

Senior Application Security Engineer role at a remote marketing and digital commerce company focused on securing applications across the software development lifecycle.

India Full-time Lead Application Security Engineer
Agile AWS Azure CI/CD Cybersecurity DevSecOps GCP HTML JavaScript Penetration Testing Python REST API
22 hours, 11 minutes ago
Binance

Binance Accelerator Program - Blockchain / Smart Contract Security

Binance 5K-10K Capital Markets

Binance is seeking a Binance Accelerator Program participant to support smart contract and blockchain security work, including audits, vulnerability analysis, and risk detection across Web3 systems.

Asia Hong Kong Taiwan Internship Entry Level Application Security Engineer
Blockchain Git Python VS Code
2 days, 1 hour ago
Evolve Security Academy

Senior Application Security Tester & AI Red Team Subject Matter Expert

Evolve Security Academy 11-50 Internet Software & Services

Evolve Security is seeking a senior offensive security specialist to lead complex web, API, and AI red team engagements while defining the firm’s testing methodology for LLM-enabled and agentic systems.

United States Full-time Senior AI (Artificial Intelligence) Application Security Engineer
Bash GraphQL JavaScript JWT Metasploit Nmap OpenID Connect Penetration Testing Postman PowerShell Python REST API SAML SPA TypeScript
3 days, 11 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers