RemoteLeaf Logo
Log in Sign up

Senior Application Security Engineer

2 weeks, 6 days ago
United States
Full-time
Senior
Application Security Engineer
Cybersecurity
AWS Burp Suite CI/CD Encryption GitHub Actions GitOps Go Helm JavaScript Kubernetes Penetration Testing Python Secrets Management SonarQube Terraform WAF
Apply Now
Canary

Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised
View All Jobs 18

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tooling within CI/CD pipelines.
  • Partner with developers on new features and systems to identify security risks early in the SDLC.
  • Implement security best practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Serve as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and related compliance efforts.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience operating at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to drive security adoption without slowing delivery velocity.
  • Strong AWS security skills, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security concepts such as RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork abilities.

Benefits

  • Monthly company-wide Canary Days to recharge, including at least one extended weekend or day off each month.
  • Self Improvement Club with a budget for purchases that support personal monthly goals.
  • Professional development budget for cross-functional development conversations.
  • Travel reimbursement for visiting company offices in New York, San Francisco, or Dallas, plus a travel stipend.
  • Personal travel reimbursement in the form of a hotel credit when staying at hotels Canary works with.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Bugcrowd

Product Security Engineering Manager

Bugcrowd 1K-5K Internet Software & Services

Bugcrowd is hiring a Product Security Engineering Manager to lead application, platform, and FedRAMP security programs while guiding a distributed team and advancing secure-by-default engineering across the company.

United States Full-time Senior Application Security Engineer
$176k-$242k
AWS Azure CI/CD Cybersecurity Docker GCP Go Java Kubernetes Linux Python Ruby Terraform
17 hours, 13 minutes ago
MongoDB

Senior Product Security Engineer, Server

MongoDB 1K-5K Internet Software & Services

MongoDB is hiring a Product Security professional to strengthen the security of its core database products and customer-facing security features for its Database Server team in Dublin or remotely in Ireland.

Ireland Full-time Senior Application Security Engineer
AWS Azure C++ Encryption GCP MongoDB Penetration Testing Secrets Management
21 hours, 54 minutes ago
MongoDB

Director, Identity & Security Product Management

MongoDB 1K-5K Internet Software & Services

MongoDB is hiring a Director of Identity and Security Product Management in Canada to lead the strategy and roadmap for IAM and security across its Atlas platform, core database, and related services.

Canada Full-time Executive Application Security Engineer Product Manager
$87k-$110k
AWS Azure GCP JIRA Microservices MongoDB Network Security
23 hours, 21 minutes ago
Backblaze

Sr. Software Engineer - Application Security

Backblaze 251-1K IT Services

Backblaze is hiring an Application Security Engineer to strengthen the security of its cloud storage and backup products by embedding application security into new and existing software across a large, distributed stack.

Mexico Colombia Argentina Costa Rica Full-time Senior Application Security Engineer Software Engineer
C C++ Encryption Go HTTP Java JavaScript Linux Node.js Python REST API TypeScript
23 hours, 34 minutes ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers