Remote Senior Application Security Engineer

Description:

  • bswift is seeking a Senior Application Security Engineer to join their Information Security team, reporting to the CISO.
  • The role involves driving a shift-left security culture within development teams and building a robust application security/DevSecOps function from the ground up.
  • Responsibilities include collaborating with developers to integrate security practices throughout the software development lifecycle.
  • In the first six months, the engineer will design and implement an application security program aligned with best practices and the OWASP Top 10 framework.
  • The engineer will help integrate security testing across the development lifecycle, from code analysis to deployment, with automation and feedback loops for continuous improvement.
  • The role requires close collaboration with engineering and DevOps teams to integrate security testing into CI/CD pipelines.
  • The engineer will cultivate a security-first culture by providing training, guidance, and creating a collaborative environment.
  • Establishing and launching a Security Ninja Champion Program to foster security champions within development teams is also a key responsibility.
  • The engineer will develop and implement application security metrics, starting with vulnerability management, to measure program effectiveness.
  • Ongoing support and feedback to development teams will be provided to empower them to address security concerns early in the development process.
  • The engineer will offer secure design recommendations and architecture patterns to development teams and manage penetration testing using both internal and third-party resources.
  • Leading and assisting in application-related security incidents is also part of the role.

Requirements:

  • Candidates must have 5+ years of experience in application security or DevSecOps, ideally in an agile, cloud-first environment.
  • Hands-on experience with security tools and practices for application security testing, such as SAST, DAST, and IAST, is required.
  • A deep understanding of the OWASP Top 10/LLM Top 10 and their application across the software development lifecycle is essential.
  • Experience with React/JS and Microsoft .NET stacks hosted in the AWS Cloud is necessary.
  • Candidates should have experience working with development teams to integrate security testing into the CI/CD pipeline.
  • Strong knowledge of cloud-native security, particularly within AWS, and experience securing containerized applications (e.g., Kubernetes) are required.
  • Experience in designing and implementing security training and awareness programs for developers is preferred.
  • Proven ability to work cross-functionally to drive security initiatives across engineering and development teams is essential.
  • Familiarity with security automation tools and the ability to integrate them into development workflows is necessary.
  • Preferred qualifications include experience with security testing frameworks and tools like SonarQube, Contrast, Checkmarx, or Snyk, and familiarity with modern authentication and authorization frameworks (OAuth, OIDC, SAML).
  • Experience in leading or mentoring security champions or developer advocate programs, as well as in risk assessments and threat modeling, is also preferred.
  • Strong communication skills and the ability to evangelize security principles across teams are required.
  • A Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent relevant work experience is necessary.

Benefits:

  • Employees have access to comprehensive health benefits, including health, dental, and vision plans to support their wellness and that of their families.
  • The compensation package is competitive and recognizes skills, experience, and contributions, including performance-based incentives for most roles.
  • bswift offers a remote-first, office-friendly environment, eliminating the need for commuting.
  • Retirement savings plans are available to help employees plan for a secure financial future with employer-sponsored programs.
  • Opportunities for professional development, including training and access to resources to support career progression, are provided.
  • The company fosters a supportive culture that encourages collaboration, open communication, and creative problem-solving, valuing each team member's voice and ideas.
  • Employee wellbeing initiatives focus on mental health, financial planning, and wellness resources to help employees thrive inside and outside of work.
  • The base salary range for this position is $100,000-$170,000, exclusive of fringe benefits or potential bonuses, with a commitment to pay equity and internal equity considerations.