Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tooling within CI/CD pipelines.
  • Partner with developers on new features and systems to identify security risks early in the SDLC.
  • Implement security best practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Serve as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and related compliance efforts.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience operating at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to drive security adoption without slowing delivery velocity.
  • Strong AWS security skills, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security concepts such as RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork abilities.

Benefits

  • Monthly company-wide Canary Days to recharge, including at least one extended weekend or day off each month.
  • Self Improvement Club with a budget for purchases that support personal monthly goals.
  • Professional development budget for cross-functional development conversations.
  • Travel reimbursement for visiting company offices in New York, San Francisco, or Dallas, plus a travel stipend.
  • Personal travel reimbursement in the form of a hotel credit when staying at hotels Canary works with.
