Canary

Canary

Canary Technologies is a leader in hospitality technology, providing award-winning solutions for hotels and lodging properties. Their innovative software enhances the guest experience, streamlines operations, and boosts revenue. With a focus on Contact...

Internet Software & Services
11-50
$47M raised

Description

  • Define and enforce secure coding, dependency management, and design review practices across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tooling within CI/CD pipelines.
  • Partner with developers on new features and systems to identify security risks early in the SDLC.
  • Implement security best practices for secrets handling, API authentication and authorization, and data protection.
  • Build security guidelines, training, and reusable libraries or patterns to help teams ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, and drive timely remediation.
  • Serve as the bridge between application developers and platform engineers to align application security with infrastructure and compliance requirements.
  • Implement monitoring, alerting, and remediation processes for security incidents across the platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and related compliance efforts.

Requirements

  • 6+ years of experience in security engineering, DevSecOps, or a related role, including experience operating at scale.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on experience with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, or Checkmarx.
  • Solid understanding of web application security, including OWASP Top 10, API security, authentication flows, and input validation.
  • Familiarity with AWS and Kubernetes security.
  • Strong programming skills in Python, Go, or JavaScript to build tools, write secure code, and contribute to developer libraries.
  • Proven ability to partner with product and engineering teams to drive security adoption without slowing delivery velocity.
  • Strong AWS security skills, including IAM, KMS, Security Hub, GuardDuty, and WAF.
  • Experience with Kubernetes security concepts such as RBAC, OPA/Gatekeeper, and network policies.
  • Hands-on experience with Terraform, Helm, and GitOps practices.
  • Familiarity with security tools such as Trivy, Falco, Snyk, or Aqua.
  • Knowledge of networking, encryption, and cloud-native security best practices.
  • Excellent communication and teamwork abilities.

Benefits

  • Monthly company-wide Canary Days to recharge, including at least one extended weekend or day off each month.
  • Self Improvement Club with a budget for purchases that support personal monthly goals.
  • Professional development budget for cross-functional development conversations.
  • Travel reimbursement for visiting company offices in New York, San Francisco, or Dallas, plus a travel stipend.
  • Personal travel reimbursement in the form of a hotel credit when staying at hotels Canary works with.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

Senior Manager, Engineering

Sumo Logic 251-1K Internet Software & Services

Sumo Logic is hiring a Senior Manager, Engineering for Application Security to lead global programs that improve product security, reliability, and operational efficiency across its cloud platform.

Agile AWS C++ Docker GCP Java Kafka Kubernetes OWASP Ruby Scala SIEM
16 hours, 32 minutes ago

Security Engineering - Apps and Cloud Security

CallTek 51-250 Internet Software & Services

A security engineer at the company will own cloud and application security initiatives across CSPM, CIEM, CWPP, and AppSec platforms, with a focus on securing multi-cloud environments and enabling DevSecOps.

AWS DevSecOps GCP
16 hours, 32 minutes ago

Senior Configuration Engineer, Product AppSec

Veeam Software 1K-5K Internet Software & Services

Veeam is hiring a Senior Configuration Engineer to lead enterprise release management and delivery automation across cloud-native, SaaS, and AI product environments.

Ansible Azure Bash CI/CD DevSecOps Docker GitOps Jenkins Kubernetes PowerShell Python Secrets Management Terraform
6 days, 15 hours ago

Senior Cyber-Security Operations Analyst, Product AppSec

Veeam Software 1K-5K Internet Software & Services

Veeam is hiring a Senior Cyber Security Operations Analyst to help design and scale secure Azure-based development and QA environments while improving CI/CD delivery and integrating security across the software lifecycle.

Ansible AWS Azure Bash CI/CD DevSecOps Docker GCP Git GitHub Actions Jenkins Kubernetes PowerShell Python Secrets Management Terraform
6 days, 16 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers