Senior Application Security Engineer


Sardine

💵 $126k-$154k
📍 Remote - Canada

Summary

Join Sardine, a leader in fraud prevention and AML compliance, as an Application Security (AppSec) Engineer. You will play a critical role in ensuring the security and integrity of our services by performing security code reviews, vulnerability assessments, penetration tests, and integrating security tools within our CI/CD pipelines. You will also lead threat modeling exercises, triage vulnerabilities, collaborate with engineering and product teams, develop security standards, manage security training, and develop custom scripts and automation. This hands-on role requires 7+ years of experience in application security and a deep understanding of common application vulnerabilities. Sardine offers a remote-first work culture, generous compensation, and attractive benefits. We value performance over hours worked and offer flexible paid time off and various stipends.

Requirements

  • 7+ years of professional experience in an application security, product security, or offensive security role
  • Deep understanding of common application vulnerabilities, such as those listed in the OWASP Top 10, and their mitigation techniques (e.g., Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), Insecure Deserialization)
  • Strong proficiency in reading and auditing code in at least one of the following languages: Python, Go, or JavaScript/TypeScript
  • Hands-on experience with security tools for SAST, DAST, IAST, and SCA
  • Solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes)
  • Proven experience integrating security into various stages of the SDLC
  • Strong analytical, problem-solving, and incident response skills
  • Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders

Responsibilities

  • Perform security code reviews, vulnerability assessments, and penetration tests on our web applications, mobile applications, and APIs
  • Integrate and manage security tools within our CI/CD pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA)
  • Lead and conduct threat modeling exercises for new features and services to identify potential security risks in the design phase
  • Triage, validate, and prioritize vulnerabilities discovered through automated tools, manual testing, and external bug bounty programs
  • Collaborate with engineering and product teams to design secure solutions and provide expert guidance on remediation strategies for identified vulnerabilities
  • Develop and maintain security standards, best practices, and documentation for our development teams
  • Manage security training to educate developers on secure coding practices and emerging threats
  • Develop custom scripts and automation to enhance our security testing capabilities and streamline security operations
  • Assist in incident response activities related to application security events

Benefits

  • Generous compensation in cash and equity
  • Early exercise for all options, including pre-vested
  • Work from anywhere: Remote-first Culture
  • Flexible paid time off, Year-end break, Self care days off
  • Health insurance, dental, and vision coverage for employees and dependents - US and Canada specific
  • 4% matching in 401k / RRSP - US and Canada specific
  • MacBook Pro delivered to your door
  • One-time stipend to set up a home office (desk, chair, screen, etc.)
  • Monthly meal stipend
  • Monthly social meet-up stipend
  • Annual health and wellness stipend
  • Annual Learning stipend
  • Unlimited access to an expert financial advisory
