Senior Application Security Engineer

bswift

💵 $100k-$170k
📍 Remote - Worldwide

Summary

Join bswift as a Senior Application Security Engineer and play a pivotal role in shaping our application security program. Reporting to the CISO, you will design and implement security initiatives, integrate security testing into our CI/CD pipelines, and foster a security-first culture within development teams. You will collaborate closely with engineers and DevOps teams, providing guidance, training, and secure design recommendations. This role requires 5+ years of experience in application security or DevSecOps, hands-on experience with various security tools, and a deep understanding of OWASP Top 10. bswift offers a competitive compensation package, comprehensive health benefits, remote-first work environment, retirement savings plans, professional development opportunities, and a supportive culture.

Requirements

  • 5+ years of experience in application security or DevSecOps, ideally in an agile, cloud-first environment
  • Hands-on experience with security tools and practices for application security testing, such as SAST, DAST, and IAST
  • Deep understanding of the OWASP Top 10/LLM Top 10 and how to apply it across the software development lifecycle
  • Experience working within React/JS, Microsoft .NET stacks hosted in the AWS Cloud
  • Experience working with development teams to integrate security testing into the CI/CD pipeline
  • Strong knowledge of cloud-native security, particularly within AWS, and experience securing containerized applications (e.g., Kubernetes)
  • Experience designing and implementing security training and awareness programs for developers
  • Proven ability to work cross-functionally to drive security initiatives across engineering and development teams
  • Familiarity with security automation tools and the ability to integrate them into development workflows
  • Bachelor’s degree (B.A.) in Computer Science, Information Security, or related field; or equivalent relevant work experience

Responsibilities

  • Design and implement an application security program aligned with best practices and the OWASP Top 10 framework
  • Help integrate security testing across the development lifecycle, from code analysis to deployment, with automation and feedback loops to ensure continuous improvement
  • Work closely with engineering and DevOps teams to integrate security testing into continuous integration/continuous deployment (CI/CD) pipelines
  • Cultivate a security-first culture within the development team by providing training, guidance, and creating a collaborative environment
  • Establish and launch a Security Ninja Champion Program to foster security champions within development teams
  • Develop and implement application security metrics, starting with vulnerability management, to measure program effectiveness and drive continuous improvement
  • Evaluate the current state of application security and identify areas for improvement and strategic alignment with broader organizational goals
  • Provide ongoing support and feedback to development teams, empowering them to address security concerns early in the development process
  • Provide secure design recommendations and architecture patterns to development teams
  • Provide penetration testing oversight and management using third-party and internal resources
  • Lead and assist in any application-related security incidents

Preferred Qualifications

  • Experience with security testing frameworks and tools like SonarQube, Contrast, Checkmarx, or Snyk
  • Familiarity with modern authentication and authorization frameworks (OAuth, OIDC, SAML)
  • Experience in leading or mentoring security champions or developer advocate programs
  • Experience in risk assessments and threat modeling to identify and mitigate security risks in applications
  • Strong communication skills and the ability to evangelize security principles across teams

Benefits

  • Comprehensive Health Benefits: Access to health, dental, and vision plans to support your wellness and that of your family
  • Competitive Compensation: A compensation package that recognizes your skills, experience, and contributions, including performance-based incentives for most roles
  • Remote first, Office friendly environment! No time to commute? No problem!
  • Retirement Savings Plans: Options to help you plan for a secure financial future with employer-sponsored retirement savings programs
  • Professional Development: Opportunities for career growth, including training and access to resources to support your career progression
  • Supportive Culture: A work environment that encourages collaboration, open communication, and creative problem-solving, where your voice and ideas are valued
  • Employee Wellbeing Initiatives: Programs focused on mental health, financial planning, and wellness resources to help you thrive inside and outside of work
This job is filled or no longer available