Onit

Onit provides automated legal operations and workflow software designed to enhance productivity and strategic decision-making across various industries by utilizing an AI-native framework for managing enterprise legal workflows, contracts, vendors, and...

IT Services
251-1K
Founded 2011
$216M raised

Description

  • Lead security reviews for application architecture and system design, with attention to authentication, authorization, data access patterns, API exposure, and trust boundaries.
  • Conduct pre-production and go-live security assessments and determine launch readiness, mitigation needs, and acceptable risks.
  • Partner with engineering and product teams to prioritize fixes, define compensating controls, and advise on production releases.
  • Design and assess authentication and access control implementations, including OAuth2, OIDC, SAML, RBAC, and fine-grained authorization models.
  • Review REST, GraphQL, and event-driven APIs for security risks such as BOLA, injection, and data leakage, and define API security standards.
  • Assess security risks in AI-powered features and systems, including prompt injection, LLM data leakage, model misuse, and access control gaps.
  • Review architectures involving MCP or similar AI integration patterns and help define AI security guardrails.
  • Lead vulnerability identification using SAST and SCA tools, validate findings, and drive remediation with engineering teams.
  • Assess and map application attack surface, including exposed services, endpoints, integrations, third-party dependencies, and supply chain risks.
  • Integrate and optimize security tools in CI/CD pipelines, define security gates, and automate security checks where possible.

Requirements

  • 10+ years of experience in Application Security, Security Engineering, or Software Engineering with a strong security focus.
  • Proven experience performing security architecture and design reviews.
  • Proven experience conducting go-live or production readiness security assessments.
  • Experience with cloud platforms such as AWS, GCP, or Azure is preferred.
  • Strong understanding of OWASP Top 10, modern web vulnerabilities, secure system design, and threat modeling.
  • Experience with SAST tools such as SonarQube or Checkmarx.
  • Experience with SCA tools such as Snyk or Dependabot.
  • Ability to assess real-world risk and prioritize effectively in a SaaS environment.
  • Understanding of LLM risks such as prompt injection and data leakage, plus AI system architecture.
  • Exposure to securing AI features or platforms, with familiarity in MCP or similar AI integration patterns.
  • Deep expertise in authentication and authorization, including OAuth2, OIDC, SAML, RBAC, ABAC, and least privilege models.
  • Deep expertise in API security, including REST, GraphQL, BOLA, injection, and data exposure.
  • Strong knowledge of application security best practices, including secure coding, input validation, output encoding, and session management.

Benefits

  • Health coverage for employees and immediate family members.
  • Flexible paid time off plus 10 company-paid holidays annually.
  • Exceptional paid leave for birth parents, non-birth parents, and caregivers.
  • Surrogacy and adoption reimbursement.
  • 100% employer-paid life and disability insurance.
  • Voluntary benefits including hospital indemnity, critical illness, and accident coverage.
  • Tax-advantaged accounts including Flexi and NPS.
  • One paid volunteer day each year.
