Onit

Onit provides automated legal operations and workflow software designed to enhance productivity and strategic decision-making across various industries by utilizing an AI-native framework for managing enterprise legal workflows, contracts, vendors, and...

IT Services
251-1K
Founded 2011
$216M raised

Description

  • Lead security reviews for application architecture and system design, with attention to authentication, authorization, data access patterns, API exposure, and trust boundaries.
  • Conduct pre-production and go-live security assessments and determine launch readiness, mitigation needs, and acceptable risks.
  • Partner with engineering and product teams to prioritize fixes, define compensating controls, and advise on production releases.
  • Design and assess authentication and access control implementations, including OAuth2, OIDC, SAML, RBAC, and fine-grained authorization models.
  • Review REST, GraphQL, and event-driven APIs for security risks such as BOLA, injection, and data leakage, and define API security standards.
  • Assess security risks in AI-powered features and systems, including prompt injection, LLM data leakage, model misuse, and access control gaps.
  • Review architectures involving MCP or similar AI integration patterns and help define AI security guardrails.
  • Lead vulnerability identification using SAST and SCA tools, validate findings, and drive remediation with engineering teams.
  • Assess and map application attack surface, including exposed services, endpoints, integrations, third-party dependencies, and supply chain risks.
  • Integrate and optimize security tools in CI/CD pipelines, define security gates, and automate security checks where possible.

Requirements

  • 10+ years of experience in Application Security, Security Engineering, or Software Engineering with a strong security focus.
  • Proven experience performing security architecture and design reviews.
  • Proven experience conducting go-live or production readiness security assessments.
  • Experience with cloud platforms such as AWS, GCP, or Azure is preferred.
  • Strong understanding of OWASP Top 10, modern web vulnerabilities, secure system design, and threat modeling.
  • Experience with SAST tools such as SonarQube or Checkmarx.
  • Experience with SCA tools such as Snyk or Dependabot.
  • Ability to assess real-world risk and prioritize effectively in a SaaS environment.
  • Understanding of LLM risks such as prompt injection and data leakage, plus AI system architecture.
  • Exposure to securing AI features or platforms, with familiarity in MCP or similar AI integration patterns.
  • Deep expertise in authentication and authorization, including OAuth2, OIDC, SAML, RBAC, ABAC, and least privilege models.
  • Deep expertise in API security, including REST, GraphQL, BOLA, injection, and data exposure.
  • Strong knowledge of application security best practices, including secure coding, input validation, output encoding, and session management.

Benefits

  • Health coverage for employees and immediate family members.
  • Flexible paid time off plus 10 company-paid holidays annually.
  • Exceptional paid leave for birth parents, non-birth parents, and caregivers.
  • Surrogacy and adoption reimbursement.
  • 100% employer-paid life and disability insurance.
  • Voluntary benefits including hospital indemnity, critical illness, and accident coverage.
  • Tax-advantaged accounts including Flexi and NPS.
  • One paid volunteer day each year.
