
Senior Application Security Engineer

United States · Job Posted January 30, 2026

Job Description

Our team is growing and we're hiring a Senior Application Security Engineer to join our engineering team and enable our next phase of growth. Canary's engineering team is fully remote! This role focuses on embedding security into the software development lifecycle (SDLC) and partnering with developers to make secure design the default. You will own the strategy for application security tooling, automation, and developer enablement while collaborating closely with SREs, infra, and data engineers to keep our platform both secure and scalable.

Job Responsibility

  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
  • Partner with developers on new features and systems to identify risks early in the lifecycle
  • Implement best practices for secrets handling, API authentication/authorization, and data protection
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
  • Implement monitoring, alerting, and remediation for security incidents across our platform
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others

Requirements

  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Excellent communication and teamwork abilities
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
  • Familiarity with AWS/Kubernetes security
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
  • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
  • Hands-on with Terraform, Helm, and GitOps practices
  • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
  • Knowledge of networking, encryption, and cloud-native security best practices

What we offer

  • Canary Days: company-wide days off each month
  • Self Improvement Club: budget for personal goals
  • Professional Development Chats: budget for cross-functional professional development
  • Travel Reimbursement: stipend for visiting offices in New York, San Francisco or Dallas
  • Personal Travel Reimbursement: credit for staying at a hotel that Canary works with


Similar Jobs for Senior Application Security Engineer

8 matching positions

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Location: Poland, Poland
Salary: Not provided
Airswift Sweden
Expiration Date: Until further notice
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English.
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps).
  • Fulltime

Senior Application Security Engineer

We are seeking an experienced Application Security Engineer to join our team tha...
Location: Egypt, Cairo
Salary: Not provided
Coca-Cola HBC
Expiration Date: Until further notice
Requirements
  • 5+ years in information security and 2+ years in software development
  • Bachelor’s degree in computer science, Information Security, or related field, or equivalent
  • At least one Cyber Security related certification, (e.g. ISC2 CISSP, EC-Council CEH, ISACA’s CSX, Microsoft Azure Security Associate, AWS Certified Security Specialty)
  • Any Application Security certification, (e.g. EC-Council CASE, ISC2 CSSLP, OffSec OWSA, GIAC CWAD)
  • Dedicated and proactive, finding opportunities and leading initiatives independently
  • Deep understanding of enterprise, cloud and cloud-native architectures and their secure design
  • Skilled in multiple programming languages (e.g., .NET, JavaScript, Python)
  • Proven expertise in guiding security development and code evaluations and providing actionable, risk-based technical recommendations
  • Knowledge of application security best practices such as OWASP Top 10, OWASP SAMM/DSOMM, OWASP ASVS/MASVS
  • Expertise in network and web protocols (TCP/IP, TLS, HTTPS, OAuth 2.0, OpenID Connect) and common attack vectors
Job Responsibility
  • Advance the application security strategy through multi-functional initiatives and cultural influence
  • Lead security initiatives across the SDLC and improve development practices through scalable automation
  • Conduct and guide security requirements and threat modeling early in design phases
  • Partner with product management, platform engineering, development and cyber defense teams to align business goals with security needs
  • Lead security architecture, design and code reviews
  • Perform hands-on security testing to identify risks and drive remediation with development teams
  • Drive software supply chain security practices to ensure protection against code, build, and artifact tampering across the CI/CD pipeline
  • Balance business and security risks through technically grounded, pragmatic recommendations
  • Translate lessons learned into reusable organizational assets that enhance overall security posture
  • Mentor engineers and practitioners, promoting secure-by-default thinking and shared accountability
What we offer
  • Coaching and mentoring programs
  • Development opportunities
  • Equal opportunity employer
  • Learning programs
  • Work with iconic brands
  • Supportive team
  • Volunteering Opportunities
  • Wellbeing program
  • Fulltime

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Location: United States, Remote
Salary: 180000.00 - 210000.00 USD / Year
Qualia
Expiration Date: Until further notice
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries; build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
  • Fulltime

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Location: Poland
Salary: Not provided
Airswift Sweden
Expiration Date: Until further notice
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps)
  • Fulltime

Senior Application Security Engineer

We are hiring an Application Security Engineer to join our Infrastructure & Secu...
Location: United States
Salary: 170000.00 - 210000.00 USD / Year
Onebrief
Expiration Date: Until further notice
Requirements
  • 5+ years of experience in Application Security, Cybersecurity Engineering, Software Engineering or a related field
  • U.S. citizenship required
  • A strong understanding of Linux, containerization and orchestration, and virtual machines
  • Networking fundamentals: core protocols and secure configurations
  • A deep understanding of incident response processes
  • Clear, concise writing; strong documentation habits and async communication
  • Core skills and technologies: JavaScript/Browser security, Network Security, Firewalls, Intrusion Detection, Static Analysis, Dynamic Analysis, Container Scanning, Kubernetes, Docker, Helm, Ansible, Terraform, Linux, AWS, DoD compliance, Monitoring and Observability tools
  • 5+ years experience in Cybersecurity, Software Engineering and/or DevOps
  • Familiarity with DevOps practices, CI/CD
Job Responsibility
  • Find Vulnerabilities in our Software: Bring an attacker’s mindset to review PRs, perform code audits, and utilize static analysis to identify vulnerable code patterns
  • Fix Vulnerabilities Across the Full Stack: Think like an adversary to find, fix, prevent or patch vulnerabilities from browser to kernel
  • Improve the Security Posture of Infrastructure: Review identity and access management, logging, auditing, monitoring to help craft a layered defense
  • Make the Team Stronger: Mentor other engineers on best security practices, share news of vulnerable libraries and compromises, engage with community on active threats and trends
What we offer
  • Equity: Share in the company's success
  • Flexible Work Environment: Remote-first organization* with flexible work hours and unlimited PTO
  • Comprehensive Health Coverage: Health, dental, vision, and life insurance
  • Retirement Plan: 401(k) plan with company match
  • Parental Leave: 8 weeks at 100% regardless of state
  • Company Retreats: Annual company summit trips
  • Home Office Budget: $1,000 per year for home office improvements
  • Fulltime

Senior Application Security Engineer

This is one of our most critical roles, and it’s the first dedicated AppSec hire...
Location: Netherlands, Amsterdam
Salary: Not provided
WeTravel
Expiration Date: Until further notice
Requirements
  • Experience securing SaaS product environments
  • Experience in cloud native and containerized environments
  • Strong CI/CD experience
  • Ability to read and review code (you do not need to write application code for us day to day)
  • Experience working with software engineers
  • Hands on security engineering experience with strong ownership and delivery
Job Responsibility
  • Work closely with the Platform team to improve security across infrastructure
  • Work closely with product engineering teams to analyze code for vulnerabilities
  • Build CI/CD automation to find security issues automatically
  • Analyze what we have today, find gaps, take ownership, and execute on improvements
  • Help shift engineering mindset to be more security focused, without blocking development
What we offer
  • Competitive salary
  • Generous "Time to Recharge" policy — enjoy unlimited paid time off to rest, recharge, and show up as your best self
  • Work remotely for a maximum of 4 weeks per calendar year
  • 2-week cross-functional onboarding program
  • Cycle-to-work scheme (Swapfiets subscription) or commuting reimbursement
  • Tuesday team lunches and after-work social events
  • Beautiful office in central Amsterdam – rooftop garden and right by Rokin metro
  • Extensive paid family leave
  • Three paid volunteer days per year — take time to give back to causes you care about, on us
  • Cutting-edge equipment and tools to set you up for success
  • Fulltime

Senior Application Security Engineer

In your role as a Senior Application Security Engineer, you are responsible for ...
Location: India, Bangalore
Salary: Not provided
ResMed
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree in computer science or related field
  • Minimum of 5 years of experience in application security, software development, or related field
  • Expertise in Securing Software Development Lifecycles
  • Expertise in one or more high-level programming languages, e.g., Java, C#, Python, etc.
  • Expertise in application-level attacks and defenses, e.g., OWASP Top 10, SANS Top 25, etc.
  • Experience with AI application security concepts e.g. OWASP Top 10 for LLM applications, etc.
  • Experience with AppSec tooling such as SAST, DAST, IAST, RASP, etc.
  • Experience working with DevOps, Agile, Scrum, Kanban methodologies
  • Experience with AWS cloud services such as WAF, EC2, S3, Lambda, VPC, CloudWatch, CloudTrail, EKS, ECS, KMS, IAM, RDS
Job Responsibility
  • Enable development teams to develop secure applications
  • Operation and support of code scanning tools, e.g., Wiz and Checkmarx
  • Supporting development teams to triage findings and enable self-service
  • Ensuring code scanning tools integrate seamlessly into the current software development lifecycle with minimal friction, e.g. GitHub Actions as a part of existing shared CI/CD workflows
  • Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines
  • Collaborate with key stakeholders to identify opportunities for automation, process improvement, and tool optimization
  • Research and implement new technologies to improve and grow secure development (e.g. applications, systems, outsourced services)
  • Maintain operational guidelines, diagrams, and documentation for secure development
  • Work closely with the developer experience team to integrate security automation into the development process
  • Fulltime

Senior Application Security Engineer

The Security team at Zip is responsible for protecting the confidentiality and i...
Location: United States, San Francisco
Salary: 160000.00 - 220000.00 USD / Year
Zip
Expiration Date: Until further notice
Requirements
  • Experience writing production-quality code for security tooling and services
  • Strong written and verbal communication with internal and external stakeholders
  • A solid understanding of security risks and the ability to balance security with business requirements
  • Experience with web applications, APIs, and cloud environments. At Zip, our stack includes Python, React, GraphQL, Kubernetes, and AWS
Job Responsibility
  • Design and implement technical controls to eliminate or mitigate classes of security vulnerabilities
  • Support the development of secure products through design reviews, threat models, static/dynamic scans, and hands-on security assessments
  • Validate, triage, and coordinate security findings from bug bounty and third party pentests
  • Mentor security analysts and security champions on security best practices and techniques
What we offer
  • Start-up equity
  • Full health, vision & dental coverage
  • Catered lunches & dinners for SF employees
  • Commuter benefit
  • Team building events & happy hours
  • Flexible PTO
  • Apple equipment plus home office budget
  • 401k plan
  • Fulltime