Principal Security Engineer, Applications

About The Position

Requirements

• 7-12 years as an application security practitioner, including 3-5 years in security architecture.
• Strong knowledge of web/application-layer security, attack vectors, and secure coding practices.
• Experience conducting application threat modeling and performing in-depth security assessments.
• Familiarity with frameworks like OWASP, CVSS, NIST, and CIS.
• Proven expertise with SSO, RBAC models, OAuth 2.0, and other identity solutions.

Nice To Haves

• GIAC certifications (e.g., GWAPT) or CISSP/CSSP.
• Hands-on experience integrating security into product and software development initiatives.
• Track record of developing and scaling application security programs.

Responsibilities

• Coordinate business strategy, security design and review activities with various company teams.
• Define security architecture and security controls.
• Provide design and oversight into infrastructure security architectures.
• Provide design and oversight into cloud security architectures.
• Provide strategic consultation to business units, identifying and addressing potential security gaps.
• Apply risk-based methodologies to evaluate, prioritize, and address vulnerabilities and security findings.
• Serve as a bridge between business and security teams, facilitating communication and ensuring security requirements are integrated efficiently into business processes.
• Research and implement new security tools, frameworks, and processes to enhance our security posture.
• Advise software development and engineering teams to ensure that data collection, storage, transmission, and usage throughout development are transparent and security-focused.
• Provide technical leadership and oversight to application security activities and initiatives.
• Oversee bug bounty and threat researcher programs.
• Provide technical leadership and oversight to vulnerability threat management activities and initiatives.
• Provide technical leadership and oversight to penetration testing activities and initiatives.
• Provide security oversight and design guidance to the DevOps process.
• Develop metrics to measure the application security program.
• Establish automated configurations to enhance user access controls.
• Educate and guide engineers on secure coding practices.
• Mentor junior team members and foster a culture of continuous learning.
• Actively participate in security incident response.

Benefits

• Equity for all employees
• Flexible hybrid model
• Robust time off policies
• Daily free lunch
• New car discount
• Meditation and fitness apps
• Commuting cost coverage