Remote Sr. Application Security Engineer

Please, let Prosper know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • We are seeking a Sr. Application Security Engineer to join our security team.
  • In this role, you will be a critical partner to engineering, product, and DevOps teams, helping to identify, assess, and mitigate security risks across the software development lifecycle (SDLC).
  • You will drive security by design, shape our product security standards, and ensure vulnerabilities are identified, tracked, and resolved efficiently.
  • This is a hands-on technical role where you will lead secure architecture/design reviews, code reviews, and penetration testing while collaborating closely with teams to embed security in every phase of product development.
  • The expected working hours for this role are based in Pacific Time.

Problems You Will Solve

  • Partner with engineering and product teams to define and implement security requirements for applications, APIs, and microservices during design and architecture reviews.
  • Conduct in-house penetration testing, secure code reviews, and threat modeling for high-impact features and critical products.
  • Lead application vulnerability management, including triaging and driving the remediation of security findings from SAST, DAST, SCA, and penetration tests.
  • Consult and advise cross-functional teams (engineering, DevOps, product) on secure coding practices, security architecture, and remediation strategies.
  • Establish and maintain application security standards, guidelines, and best practices, aligned with OWASP, NIST, ISO, and industry frameworks.
  • Ensure vulnerabilities are classified, prioritized, and remediated according to vulnerability management policies and regulatory requirements.
  • Work closely with DevSecOps teams to ensure SAST/DAST/IAST/SCA tools are integrated into CI/CD pipelines and functioning effectively.
  • Track and manage security issues to resolution, providing metrics, reports, and dashboards for leadership visibility.
  • Stay up-to-date with emerging security threats, vulnerabilities, tools, and methodologies to continuously improve Prosper’s security posture.

Requirements:

  • A Bachelor’s degree in Computer Science, Information Security, or a related field, with 8+ years of relevant experience (or a Master’s degree with 6+ years).
  • Strong hands-on experience in application security, secure coding, and penetration testing.
  • A development background with expertise in Java/Python, SQL, JavaScript, HTML, and experience reviewing modern application architectures.
  • Experience working with modern web application frameworks (e.g., Spring Boot, .NET, J2EE, Rails, REST, SOAP).
  • An in-depth understanding of web and API security vulnerabilities (e.g., OWASP Top 10, API Top 10, CWE).
  • Familiarity with authentication and authorization protocols (e.g., OAuth2, OIDC, SAML).
  • Knowledge of application security testing tools (SAST, DAST, SCA, IAST) and methodologies.
  • Proven experience working with DevOps/DevSecOps pipelines, integrating security tools and automation.
  • A strong understanding of vulnerability management processes and regulatory frameworks (e.g., PCI DSS, GDPR, SOC 2).
  • Bonus: Knowledge of cloud security (AWS, GCP, Azure) and container security (Docker, Kubernetes).
  • Security experience in Agile, CI/CD, and fast-paced product development environments.
  • Preferred: Industry certifications such as OSCP, CSSLP, GWAPT, CEH, GPEN, CISSP.
  • Preferred: Familiarity with mobile application security testing and API security testing tools (e.g., Burp Suite, Postman, ZAP, Insomnia).
  • Preferred: Knowledge of network security, infrastructure security, and microservices architecture.
  • Preferred: Experience driving secure SDLC initiatives and developer security education.

Benefits:

  • The opportunity to collaborate with a team of creative, fun, and driven colleagues on products that have an immediate and significant impact on people's lives.
  • The opportunity to work in a fast-paced environment with experienced industry leaders.
  • Flexible time off, comprehensive health coverage, competitive salary, and paid parental leave.
  • Wellness benefits including access to mental health resources, virtual HIIT and yoga workouts.
  • A bevy of other perks including Udemy access, childcare assistance, pet insurance discounts, legal assistance, and additional discounts.
  • The salary for this position is $189,000 - $211,000 annually, plus bonus and generous benefits.