Senior Application Security Engineer

🔥 0 minutes ago

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Canary Technologies

Canary Technologies

11 - 50 employees

Canary Technologies is a leader in hospitality technology that provides hoteliers with easy, intuitive, and secure solutions to help hotels provide an ideal guest experience.

📋 Description

• Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions) • Partner with developers on new features and systems to identify risks early in the lifecycle • Implement best practices for secrets handling, API authentication/authorization, and data protection • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements • Implement monitoring, alerting, and remediation for security incidents across our platform • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates • Design and maintain least-privilege IAM roles, secrets management, and authentication flows • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others

🎯 Requirements

• 6+ years in security engineering, DevSecOps, or related roles, including experience at scale • Excellent communication and teamwork abilities • Strong experience integrating security into modern SDLC pipelines • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.) • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation) • Familiarity with AWS/Kubernetes security • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF) • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies) • Hands-on with Terraform, Helm, and GitOps practices • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua) • Knowledge of networking, encryption, and cloud-native security best practices

🏖️ Benefits

• Canary Days: Each month we provide company wide days off to ensure there is at least one extended weekend or day off. • Self Improvement Club: Each individual is provided a budget towards any purchases that help us achieve these goals. • Professional Development Chats: We provide budget to help drive cross functional professional development conversations across the organization. • Travel Reimbursement: Team members are able to visit our offices across New York, San Francisco or Dallas when they choose, and are provided a travel stipend for doing so. • Personal Travel Reimbursement: If you stay at a hotel that Canary works with, we provide a credit towards your stay.

Apply Now

Similar Jobs

🕒 June 23

Workana

51 - 200

👥 HR Tech

🏪 Marketplace

🎯 Recruiter

AI Application Engineer developing AI-powered applications and workflows for medxprts.ai. Collaborating with engineering teams to build features and improve operational workflows.

AWS

Cloud

Docker

Google Cloud Platform

Kubernetes

Python