Job Description
Scope
Work closely with product development, infrastructure engineering, and architecture teams to establish threat modeling standards, secure coding practices, automated security testing, and continuous security validation mechanisms. The ideal candidate will combine technical proficiency with strategic thinking to advance our product security posture while enabling business productivity and meeting enterprise security standards and regulatory requirements.
What you'll do:
Design, implement, and maintain DevSecOps solutions across the CI/CD lifecycle, including secure design standards, threat modeling frameworks, SAST/DAST/IAST integration, secret scanning, and automated security release gates
Mentor more junior team members and uplevel the overall technical skill of the application security team and the wider security department
Identify strategic gaps in product security capabilities, analyzing the current state and recommending improvements to DevSecOps roadmaps and organizational security strategy
Collaborate with cross-functional teams (Product Development, Architecture Review Board, Infrastructure Engineering) to integrate security best practices into application development, cloud deployments, and system architecture, ensuring secure-by-design principles across environments
Develop and maintain security automation tools for continuous security testing, vulnerability remediation workflows, security release management, and AI-enabled security processes
Monitor and remediate application security vulnerabilities, misconfigurations, and policy violations from SAST/DAST tools, penetration testing results, and runtime security platforms
Stay current with emerging DevSecOps technologies, application security standards (OWASP, secure coding frameworks), and security testing methodologies, influencing organizational security architecture with industry best practices
Support the detection, investigation, and resolution of security incidents related to application vulnerabilities, code security issues, and software supply chain risks
Configure and optimize application security platforms, IDE security plugins, software composition analysis (SCA) tools, penetration testing vendors (HackerOne), and code-to-runtime visibility solutions
Support compliance efforts (SOX, PCI-DSS, ISO 27001, SOC 2) by implementing security controls in CI/CD pipelines, SBOM generation, artifact signing, and audit capabilities for regulatory requirements
Establish, document, and educate product development teams on secure coding standards, threat modeling processes, and security testing procedures, with the goal of establishing secure application security baselines across the organization
What we are looking for:
7+ years of experience in Application Security, DevSecOps Engineering, or Security Engineering roles with hands-on experience implementing security in CI/CD pipelines
Expert knowledge of application security testing tools and methodologies including SAST, DAST, IAST, SCA, secret scanning, and penetration testing across enterprise environments
Deep understanding of secure software development lifecycle (SSDLC) fundamentals including threat modeling, secure design principles, secure coding practices, vulnerability management, and security release processes
Strong experience with Azure cloud security, including cloud-native application security, Infrastructure as Code (IaC) security, and container/Kubernetes security
Proficient with security automation scripting (e.g., PowerShell, Python, Bash) and CI/CD integration (Jenkins, GitLab CI, GitHub Actions) for automated security testing and remediation workflows
Experience implementing DevSecOps solutions in fast-paced or highly regulated environments (finance, healthcare, SaaS, etc.) with demonstrated ability to manage complex security requirements and regulatory compliance at enterprise scale
Preferred Qualifications:
Hands-on experience with any of the following:
Orca Security platform (AppSec, code-to-runtime visibility, IDE integrations)
HackerOne or similar penetration testing/bug bounty platforms
Software Composition Analysis tools (BlackDuck, JFrog, etc.)
Threat modeling frameworks and tools
AI-enabled security workflows and automation
SBOM generation and artifact signing solutions
Experience leading organization-wide initiatives and driving security outcomes that empower business goals while reducing manual security overhead
Our Values
If you want to know the heart of a company, take a look at their values. Ours unite us. They are what drive our success and the success of our customers.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.