Application Security Engineer

Summary

Join Pax8's Platform Security team as an Application Security Engineer and help build and reinforce the security posture of our software development lifecycle. Collaborate closely with software development teams to identify, evaluate, and mitigate security defects; conduct and maintain application threat models; assist with secure development frameworks; train teams on secure coding practices; and validate security processes. This role requires at least two years of experience in application/product security, familiarity with OWASP Top 10, and experience with modern software languages (Kotlin and JavaScript). You will contribute to security standards and best practices, maintain application security tooling, and support security awareness efforts. Pax8 offers a competitive compensation package and a comprehensive benefits program, including a 401(k) plan with employer match, medical, dental, and vision insurance, flexible vacation time, and paid sick time off. We are a fast-growing, dynamic, and high-energy startup organization with a strong emphasis on culture and inclusivity. We embrace hybrid and remote work whenever possible.

Requirements

• At least two (2) years of experience in application/product security
• Background in the OWASP Top 10 application security defects, including the ability to identify and remediate such vulnerabilities in different languages
• Experience with modern software languages (we primarily use Kotlin and JavaScript)
• Experience developing threat models and leading secure code reviews
• Experience with application security testing processes such as SAST, SCA, and DAST through detection, triage, and remediation
• Knowledge of secure architecture and secure design patterns in a web-based microservices environment
• Background in cloud-based infrastructure and containerized application environments
• Experience with modern workflow management processes such as ticketing systems
• Experience with modern source code management systems and CI/CD platforms
• Ability to execute independently within a small, nimble team
• Compassionate Candour—We aim to assist others with candid, actionable feedback
• Seek to Understand—Be open, curious and committed to learning
• We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8
• Do What You Say—Take ownership and honor your commitments; prioritize and deliver
• Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes
• Driven by Passion—Connects personal passion to Pax8 mission, resilient in face of adversity and uncertainty in pursuit of mission
• B.A./B.S. in a related field (e.g., Computer Science, Engineering, Cybersecurity) or equivalent work experience

Responsibilities

• Serve as a subject matter expert on application security to help drive security considerations into product design and software development processes
• Assist in creating and maintaining risk assessments and threat models against evolving features in the Pax8 software platform
• Support the development and management of application security testing processes, including automated testing and manual design review processes
• Assist teams in reproducing, triaging, and addressing security vulnerabilities
• Contribute to the development of security standards and best practices, both in the form of written documentation and code-based guardrails
• Participate in maintaining application security tooling and associated process documentation as necessary
• Support security awareness efforts within the software engineering organization by participating in the delivery of security training sessions

Benefits

• Non-Commissioned Bonus Plans or Variable Commission
• 401(k) plan with employer match
• Medical, Dental & Vision Insurance
• Employee Assistance Program
• Employer Paid Short & Long Term Disability, Life and AD&D Insurance
• Flexible, Open Vacation
• Paid Sick Time Off
• Extended Leave for Life events
• RTD Eco Pass (For local Colorado Employees)
• Career Development Programs
• Stock Option Eligibility
• Employee-led Resource Groups