
Senior Application Security Engineer (Remote - US) at Jobgether

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application Security Engineer in the United States.

We are seeking a highly skilled Senior Application Security Engineer to join a fully remote, innovative engineering team. In this role, you will embed security into the software development lifecycle, ensuring secure design is the default across applications. You will lead strategy for application security tooling, automation, and developer enablement while collaborating with SREs, infrastructure, and data engineers to maintain a secure and scalable platform. This position offers the opportunity to shape security practices at scale, influence cross-functional teams, and drive continuous improvement in a dynamic, growth-oriented environment.

Accountabilities

· Define and enforce secure coding practices, dependency management, and design reviews across engineering teams.
· Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines.
· Partner with developers to identify security risks early in the lifecycle for new features and systems.
· Implement best practices for secrets handling, API authentication/authorization, and data protection.
· Develop security guidelines, reusable libraries, and training materials to enable faster, safer software delivery.
· Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely remediation.
· Collaborate with platform and infrastructure teams to align application security with compliance requirements.
· Implement monitoring, alerting, and automated remediation for security incidents across the platform.
· Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
· Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
· Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and other compliance frameworks.

· 6+ years in security engineering, DevSecOps, or related roles, with experience at scale.
· Strong communication and collaboration skills to partner effectively with product and engineering teams.
· Hands-on experience integrating security into modern SDLC pipelines.
· Proficient with AppSec tooling such as Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.
· Solid understanding of web application security, including OWASP Top 10, API security, auth flows, and input validation.
· Experience with AWS security (IAM, KMS, Security Hub, GuardDuty, WAF) and Kubernetes security (RBAC, OPA/Gatekeeper, network policies).
· Programming proficiency in Python, Go, or JavaScript for building tools, writing secure code, and contributing to developer libraries.
· Familiarity with Terraform, Helm, GitOps practices, container security, and cloud-native security best practices.
· Knowledge of networking, encryption, and security compliance frameworks.

Company Location: United States.