Senior Application Security Engineer
Application Security Engineer (AppSec, DLP & Privacy)
6 Month Contract to Hire
Remote in California
We are seeking an experienced Application Security Engineer to embed Secure-by-Design and Privacy-by-Design principles directly into the software development lifecycle (SDLC). This role focuses on building scalable, developer-native security guardrails that proactively prevent insecure or non-compliant code from being introduced into production.
Rather than manual code reviews, you will design and implement automated, policy-driven systems that enforce security and privacy standards across all stages of development.
Key Responsibilities
Secure SDLC
- Design, implement, and maintain automated security controls within CI/CD pipelines using GitHub Actions
- Develop deterministic policy-as-code gates for SAST, SCA, API validation, and schema enforcement
- Ensure insecure code cannot be merged through fully automated, non-discretionary controls
Data Loss Prevention (DLP)
- Implement source-level detection for sensitive data (PHI, PII, secrets) using regex and machine learning classifiers
- Build CI/CD controls that prevent sensitive data from entering source control, logs, or build artifacts
- Continuously improve detection accuracy and reduce false positives
API & Transport Security
- Define and enforce Layer 7 security standards, including TLS 1.3, HSTS, OAuth/OIDC, and JWT lifecycle policies
- Automate OpenAPI specification linting to prevent overexposure of endpoints and data leakage
- Standardize authentication and authorization patterns across all services
Data Protection Engineering
- Build and maintain reusable libraries for encryption, tokenization, and data redaction
- Ensure secure data handling practices are adopted by default across all product teams
- Partner with engineering teams to integrate privacy-preserving patterns seamlessly
Supply Chain Security
- Generate Software Bill of Materials (SBOM) for every build
- Implement artifact signing and attestation processes
- Enforce provenance verification at deployment through automated pipeline policies
Minimum Qualifications
- 5+ years of experience in Application Security or Software Engineering with a focus on data security
- Hands-on experience with GitHub Actions and CI/CD security automation
- Strong knowledge of secret detection, DLP tools, and API security best practices
- Experience implementing OAuth/OIDC-based authentication systems
- Proficiency in at least one programming language such as Python, Go, or TypeScript
- Strong understanding of secure development practices and developer workflows
Preferred Qualifications
- Experience with policy-as-code frameworks (e.g., OPA, Rego)
- Familiarity with cloud-native security architectures (AWS, Azure, or GCP)
- Experience building internal developer platforms or security tooling
- Knowledge of compliance frameworks (HIPAA, GDPR, SOC 2)
Disclaimer:
Brooksource, Medasource, and Calculated Hire are part of the Eight Eleven Group family of companies and operate under Eight Eleven Group, LLC. All employees receive the same benefits, policies, and terms of employment.
EEO:
We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetic information, marital status, military or veteran status, citizenship, pregnancy (including childbirth, lactation, and related conditions), or any other protected status in accordance with applicable federal, state, and local laws.
Benefits & Perks:
Brooksource offers competitive medical, dental, vision, Health Savings Account, Dependent Care FSA, and supplemental coverage with plans that can fit each employee’s needs. We offer a 401k plan that includes a company match and is fully vested after you become eligible, paid time off, sick time, and paid company holidays. We also offer an Employee Assistance Program (EAP) that provides services like virtual counseling, financial services, legal services, life coaching, etc.
Pay Disclaimer:
The pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.