Senior Application Security Engineer

Job not on LinkedIn

November 7

Apply Now

Receive Emails with Similar Jobs

Palermo Advisors

WebsiteLinkedInAll Job Openings

HR Tech • Recruitment • Enterprise

Palermo Advisors is a global talent advisory and headhunting firm that simplifies borderless hiring by connecting companies with world-class talent. Utilizing a vast network and customized talent acquisition strategies, they help organizations, from startups to large corporations, build teams that drive success. With over 1,500 placements, Palermo Advisors is committed to matching exceptional talent with companies’ unique needs via personalized recruitment techniques. Their experienced team, led by experts in innovation, finance, and talent acquisition, provides effective, professional recruitment solutions.

2 - 10 employees

👥 HR Tech

🎯 Recruiter

🏢 Enterprise

📋 Description

• Collaborate with development squads to validate vulnerabilities and provide actionable remediation guidance aligned with business risk. • Drive threat modeling sessions (e.g., STRIDE, PASTA) for critical systems and APIs. • Design, implement, and oversee automated processes for securely updating application and code dependencies, proactively mitigating issues and ensuring timely vulnerability remediation. • Integrate security checks into CI/CD pipelines (SAST, DAST, SCA, IaC), working with tools like Semgrep, Snyk, Trivy, and Burp Suite. • Contribute to runtime security initiatives, such as container/Kubernetes hardening, RASP, and eBPF-based detection. • Build and maintain a security issues dashboard to track remediation status and metrics. • Provide real-time support in the event of cybersecurity incidents impacting applications or cloud infrastructure (exploited vuln, credential stuffing, web/API attacks). • Partner with the Cloud Security team on security automation tasks and monitoring improvements (e.g., Security Hub remediation automations, DLP monitoring, etc.). • Conduct proactive research on new threats, vulnerabilities, and attack techniques relevant to the architecture. • Collaborate with the GRC team to develop and deliver internal security awareness initiatives, phishing campaigns, and developer training (e.g., secure coding, API security). • Participate in the continuous improvement of AppSec maturity (e.g., aligning with OWASP SAMM, ISO 27001, or SOC 2 frameworks).

🎯 Requirements

• 3–5+ years of experience in application security, penetration testing roles, and/or secure code development, including work with QA teams. • Hands-on experience with SAST, DAST, and SCA tools (e.g., Semgrep, Burp, Snyk). • Deep understanding of web, mobile, and API vulnerabilities (OWASP Top 10, API Top 10, MITRE CWE). • Proven expertise in performing code review or security assessments and writing clear reports. • Proficiency in at least one backend language (e.g., Go, Python, Node.js) and understanding of React / React Native front-ends. • Familiarity with secure architecture of microservices, event-driven systems, and REST APIs using OAuth2/OpenID Connect. • Experience securing CI/CD pipelines and integrating AppSec tooling into SDLC. • Solid knowledge of containerization and Kubernetes security fundamentals. • Understanding of cloud security (preferably AWS), including IAM principles, cloud-native service configurations, and network segmentation. • Comfortable with Agile development methodologies and working within cross-functional squads. • Software supply chain security (e.g., SBOM, artifact signing).

🏖️ Benefits

• Professional development opportunities • Wellness programs