Senior Application Security Engineer

Sardine
Summary
Join Sardine, a leader in fraud prevention and AML compliance, as an Application Security (AppSec) Engineer. You will play a critical role in ensuring the security and integrity of our services by performing security code reviews, vulnerability assessments, penetration tests, and integrating security tools within our CI/CD pipelines. You will also lead threat modeling exercises, triage vulnerabilities, collaborate with engineering and product teams, develop security standards, manage security training, and develop custom scripts and automation. This hands-on role requires 7+ years of experience in application security and a deep understanding of common application vulnerabilities. Sardine offers a remote-first work culture, generous compensation, and attractive benefits. We value performance over hours worked and offer flexible paid time off and various stipends.
Requirements
- 7+ years of professional experience in an application security, product security, or offensive security role
- Deep understanding of common application vulnerabilities, such as those listed in the OWASP Top 10, and their mitigation techniques (e.g., Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), Insecure Deserialization)
- Strong proficiency in reading and auditing code in at least one of the following languages: Python, Go, or JavaScript/TypeScript
- Hands-on experience with security tools for SAST, DAST, IAST, and SCA
- Solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes)
- Proven experience integrating security into various stages of the SDLC
- Strong analytical, problem-solving, and incident response skills
- Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders
Responsibilities
- Perform security code reviews, vulnerability assessments, and penetration tests on our web applications, mobile applications, and APIs
- Integrate and manage security tools within our CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)
- Lead and conduct threat modeling exercises for new features and services to identify potential security risks in the design phase
- Triage, validate, and prioritize vulnerabilities discovered through automated tools, manual testing, and external bug bounty programs
- Collaborate with engineering and product teams to design secure solutions and provide expert guidance on remediation strategies for identified vulnerabilities
- Develop and maintain security standards, best practices, and documentation for our development teams
- Manage security training to educate developers on secure coding practices and emerging threats
- Develop custom scripts and automation to enhance our security testing capabilities and streamline security operations
- Assist in incident response activities related to application security events
Benefits
- Generous compensation in cash and equity
- Early exercise for all options, including pre-vested
- Work from anywhere: Remote-first Culture
- Flexible paid time off, Year-end break, Self care days off
- Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific
- 4% matching in 401k / RRSP - US and Canada specific
- MacBook Pro delivered to your door
- One-time stipend to set up a home office (desk, chair, screen, etc.)
- Monthly meal stipend
- Monthly social meet-up stipend
- Annual health and wellness stipend
- Annual Learning stipend
- Unlimited access to an expert financial advisory