RemoteHunter Verified
Human Resources, Job Board, SaaS, Technology

Application Security Engineer

United States · Remote · Full Time · $131,250–$235,156 /yr · Posted 17 days ago
  • About Our Client:

The organization operates in the utility data and energy solutions sector, addressing challenges in enterprise energy management such as carbon emissions, cost control, and reliability. It provides a data platform enhanced by AI analytics and industry expertise to streamline energy management across millions of customer facilities. The solutions include utility bill management, energy procurement advisory for clean energy sourcing, and sustainability reporting to track carbon emissions and comply with regulations. The organization aims to integrate fragmented data and siloed processes into coordinated enterprise-wide action, supporting corporate sustainability and cost reduction goals.

  • About the Opportunity:

The Application Security Engineer will lead the vulnerability management lifecycle within the information security team, ensuring the security of software through hands-on management of security tools and automation integration in the CI/CD pipeline. This role involves partnering with engineering teams to identify and remediate vulnerabilities, embedding security knowledge across development teams, and supporting early security involvement in product design. The position is key to maintaining the security posture of the organization’s technology and enabling secure development practices.

  • Responsibilities:

• Own vulnerability management lifecycle: triage, prioritize, and drive remediation of findings from SAST, DAST, and SCA tools

• Maintain and optimize security tooling integrations within the CI/CD pipeline to maximize automation

• Launch and manage a Security Champions program with workshops and office hours across multiple teams

• Serve as application-layer security expert during security incidents, supporting triage and remediation

• Collaborate with Product and Engineering leadership to incorporate security practices early in the development lifecycle, including threat modeling and design reviews

  • Requirements:

• 3–5 years of application security experience in SaaS or cloud-native environments

• Hands-on experience with at least two of the following: SAST, DAST, SCA, or CSPM tools (e.g., Snyk, Checkmarx, Semgrep, Wiz)

• Strong knowledge of CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI) with ability to implement and maintain integrations

• Experience with container security (Docker, Kubernetes) and API security patterns (REST, GraphQL)

• Ability to communicate technical risks effectively to non-security engineers to promote action

Nice-to-haves:

• Experience launching or growing a Security Champions program

• Familiarity with AWS security services such as GuardDuty, Security Hub, IAM Access Analyzer

• Exposure to threat modeling frameworks like STRIDE or PASTA

• Relevant certifications such as OSCP, GWAPT, CSSLP

  • Pay Range and Compensation Package:

• Target annual compensation range is $131,250 to $235,156, with a competitive benefits and equity package

• Exact compensation will be based on candidate skills, experience, and location

• Visa sponsorship is not available for this position

  • Benefits & Perks:

• Remote-first work culture anywhere in the US with reliable internet

• Flexible paid time off with no accrual limits for exempt employees

• 12 annual holidays and 10 days sick leave

• Up to 4 weeks bereavement leave

• 2 volunteer days and 2 professional development days per year

• 12 weeks paid parental leave for all parents

• Employer covers 75-95% of medical, dental, and vision benefits for employees and dependents

Equal Opportunity Statement: Our client is an equal opportunity employer. They celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, or national origin.

Note:

RemoteHunter is not the Employer of Record (EOR) for this role. Our purpose in this opportunity is to connect exceptional candidates with leading employers. We help job seekers worldwide discover roles that match their goals and guide them to complete their full application directly through the hiring company’s career page or ATS.
