As a Security Engineer at Air Apps, you will be responsible for safeguarding our applications, infrastructure, and data from threats and vulnerabilities.
You will work closely with development, DevOps, and IT teams to implement secure coding practices, vulnerability scanning, and threat modeling to ensure our systems remain resilient against cyber threats.
Your expertise will help build and maintain a secure development lifecycle (SDLC), security monitoring frameworks, and proactive risk mitigation strategies.
Responsibilities include developing and implementing threat modeling to identify security risks, conducting vulnerability scanning, penetration testing, and security assessments to detect weaknesses.
You will define and enforce secure coding practices in collaboration with development teams and work with DevOps to integrate security into CI/CD pipelines and automate security testing.
Monitoring and responding to security incidents, conducting root cause analysis, and implementing preventative measures will also be part of your role.
You will ensure compliance with security standards and regulations such as ISO 27001, GDPR, and SOC 2.
Designing and implementing identity and access management (IAM) policies, encryption standards, and authentication mechanisms will be required.
Collaborating with product teams to conduct security reviews of features, APIs, and third-party integrations is essential.
You will develop incident response plans, security documentation, and best practices while staying ahead of emerging threats, vulnerabilities, and security technologies.
Requirements:
You should have around 4+ years of experience in cybersecurity, application security, or security engineering.
A strong knowledge of secure coding principles, OWASP Top 10, and threat modeling techniques is required.
Experience with vulnerability scanning tools such as Nessus, Qualys, and Burp Suite, as well as penetration testing methodologies, is necessary.
Hands-on experience with SIEM, intrusion detection systems (IDS), and security monitoring tools is expected.
Proficiency in scripting and automation using Python, Bash, or PowerShell for security tasks is essential.
Familiarity with cloud security in AWS, Azure, or GCP, including IAM and workload protection, is required.
Knowledge of encryption protocols, network security, and API security best practices is necessary.
Experience working with DevSecOps and integrating security into CI/CD pipelines is important.
You should have the ability to analyze security logs, detect anomalies, and mitigate potential threats.
Excellent problem-solving skills and the ability to communicate security concepts to non-technical stakeholders are essential.
Benefits:
We offer a remote-first approach with flexible working hours to support your work-life balance.
You will receive Apple hardware as part of our work ecosystem.
Flexible Paid Time Off (PTO) is provided to help you maintain a healthy work-life balance.
An annual bonus is included as part of the compensation package.
Top-tier health insurance is offered for your peace of mind.
A public transportation pass is provided to support your commuting needs.
The Coverflex benefits package includes meal allowances, well-being support, and more.
You will have the opportunity to attend the Air Conference 2025 in Las Vegas, allowing you to meet the team, collaborate, and grow together.
