We are redirecting you to the source. If you are not redirected in 3 seconds, please click here.

Senior Application Security Engineer at Limble. Remote Location: Remote. About Limble. At Limble we empower the unsung heroes who support the world. We’re revolutionizing the way businesses manage their maintenance operations by providing a comprehensive suite of software solutions that empower organizations to optimize asset performance and drive operational excellence. From preventive maintenance to inventory management and beyond, our robust CMMS platform offers a suite of features designed to streamline operations and enhance productivity.. About the Role. Limble is hiring a Senior Application Security Engineer to lead and scale our application security program for a modern SaaS computerized maintenance management (“CMMS”) platform. This is a senior, high-ownership role requiring deep hands-on technical ability and strong cross-team influence.. You’ll report directly to our Head of Information Security and partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction. Success requires someone who is collaborative and trusted by engineers. You must be able to build relationships, coach effectively, and drive security outcomes without slowing delivery.. Responsibilities. Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy, roadmap, and measurable maturity improvements. Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions. Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform. Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices. Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz.. Implement and manage security testing capabilities across:. SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.). DAST (new tool selection and rollout). Vulnerability tracking and remediation workflows. Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts. Support secure architecture for web applications and APIs. Drive secure coding enablement through:. OWASP training. Secure coding best practices. Targeted coaching based on real issues found in the codebase. Partner with and help scale the Security Champions program to coordinate security improvements and incident response. Track and communicate application security program progress using clear metrics and reporting. Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking. What Success Looks Like (First 90 Days). Assess current application security posture, secure SDLC integration, and highest-risk areas. Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities. Improve CI/CD security coverage while reducing noise and improving signal quality. Establish repeatable processes for:. Threat modeling. Secure design reviews. Vulnerability triage and remediation workflows. Build strong, trusted relationships with product and engineering teams and Security Champions. Define and begin tracking key application security KPIs and program metrics. Technical Skills & Tooling. AI-assisted application security testing and automation: ability to use tools such as Claude and Cursor to scale and automate security activities, including identifying vulnerabilities, generating test cases, and developing proof-of-concept exploits to validate findings.. Cloud & platform: AWS. CI/CD & source control: GitHub, Wiz, or similar systems. Security tooling: SAST, SCA, SBOM, DAST. AppSec expertise:. Secure coding practices. Security frameworks: NIST 800-218 (SSDF), OWASP. APIs, auth, session management, data protection, microservices. Threat modeling: STRIDE w/ DREAD. Engineering workflows: Jira or similar systems. Familiarity with AI-assisted development tools (e.g., Cursor, Claude) and ability to apply appropriate security guardrails. Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation). Qualifications. 5–8+ years in application security, product security, or security-focused software engineering. Strong depth in web and API security, including modern auth patterns and attack techniques. Experience securing cloud-native SaaS platforms and microservices architectures. Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices. Proven ability to influence engineering teams through trust, clarity, and practical solutions. Key Traits for This Role. Relationship-driven and able to build credibility quickly with engineers. Strong communicator who can translate risk into actionable engineering work. Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy. Comfortable taking ownership and driving initiatives end-to-end. Benefits. $165,000 - $185,000 annual salary. Fully remote position. Flexible PTO. 13 paid company holidays. Paid parental leave. Health, Dental, and Vision insurance. Employer paid Basic Life insurance and Short-Term Disability insurance. Company contribution match for HSA and 401(k). Flexible Spending Accounts. Monthly employee wellness stipend. Opportunities for Learning and Development Reimbursement. Pet insurance. Limble is an equal opportunity employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetics, marital status, veteran status, or any other protected characteristic under applicable laws. We are committed to building a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All qualified applicants with arrest or conviction records will be considered in accordance with applicable laws.