Senior Application Security Engineer

Summary

Join BeyondTrust as a Sr. Application Security Engineer and play a key role in securing our software applications. You will design, implement, and maintain secure CI/CD pipelines, conduct security testing, and implement security controls in cloud-native applications. Collaborate with cross-functional teams to embed security into the software development lifecycle. The ideal candidate possesses extensive experience in application security, strong knowledge of security principles and tools, and excellent communication skills. This remote position is open to US-based candidates.

Requirements

• 5+ years of progressive experience in Enterprise Software Application Security
• Bachelor's degree in computer science, Information Security, or related field
• Strong knowledge of application security principles, secure coding practices, and common vulnerabilities (e.g., OWASP Top Ten)
• Experience with application security testing tools (SAST, DAST, SCA) and vulnerability assessment methodologies
• Ability to communicate effectively with technical and non-technical stakeholders, including executives
• Strong analytical and problem-solving skills, with the ability to drive solutions to complex security challenges
• Experience with Cloud security best practices (preferably AWS)
• Strong understanding of supply chain attacks and how to successfully mitigate them
• Data-driven mindset with strong attention to detail
• Ability to thrive in an ambiguous and fast paced environment
• Intellectual curiosity & willingness to take ownership of deliverables
• Enjoy orchestrating people and managing complicated cross-functional challenges

Responsibilities

• Design, implement, and maintain secure CI/CD pipelines, ensuring code is automatically scanned and validated for security vulnerabilities
• Conduct continuous security testing, including static application security testing (SAST), SCA, dynamic application security testing (DAST), and interactive application security testing (IAST)
• Implement and maintain security controls in cloud native applications covering containers, cloud configurations and API’s
• Develop and maintain automation scripts for security tasks, such as vulnerability scanning, reporting and dashboarding
• Ensure that the organization's infrastructure and applications comply with relevant security standards and regulations
• Manage third-party security assessments and penetration testing engagements, ensuring timely remediation of identified issues
• Provide guidance on secure coding practices, architecture design, and threat modeling to development teams
• Drive the adoption of secure coding tools and technologies to automate and streamline security testing processes
• Contribute to the development and execution of security awareness and training programs
• Collaborate with Engineering, DevOps, and product teams to embed security into the software development lifecycle

Preferred Qualifications

• Master's degree in computer science, Information Security, or related field
• Professional certifications such as CISSP, CSSLP, CISM, or equivalent

Benefits

Remote work, flexible hours