[Remote] Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)
Note: The job is a remote job and is open to candidates in USA. AuditBoard is a leading audit, risk, ESG, and InfoSec platform that has surpassed $300M ARR. They are seeking a passionate and experienced Sr. Application Security/Product Security Engineer to work alongside product and engineering teams to develop secure and resilient software for security-conscious customers, focusing on implementing security best practices throughout the software development life cycle.
Responsibilities
- Working with product and engineering teams to implement security throughout the design and development process
- Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes
- Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team
- Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime
- Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices
- Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs
- Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions
- Assisting with Security Compliance activities as required
- Assisting with investigation and response to security incidents and web application attacks as necessary
Skills
- 5+ years of experience developing or securing web-based applications
- Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
- Experience with leading threat modeling and secure design reviews
- Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus
- Docker & Kubernetes
- Excellent organization, time management, and attention to detail
- Must be action-oriented and have a proactive and collaborative approach to solving issues
- Participates in the design review process, seeking and providing constructive criticism
- Provides significant input into system architecture, considers scalability and performance
- Communicates technical decisions through design docs, tech talks, and the wiki
- Provides mentorship and technical guidance to junior and mid-level engineers
- Ability to work within an on-call shift rotation
- Experience working on SaaS web applications
- Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
- Experience with building and securing CICD pipelines and incorporating supply chain security best practices
- Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
- Experience coordinating bug bounty and penetration testing engagements
- Leveraging, building and securing AI coding assistants, agents, and product solutions
- BS in Computer Science (or equivalent experience)
Benefits
- $200/mo for anything that enhances your life
- Comprehensive employee health coverage (all locations)
- 401K with match (US) or pension with match (UK)
- Competitive compensation & bonus program
- Flexible Vacation (US exempt & CA) or 25 days (UK)
- Time off for your birthday & volunteering
- Employee resource groups
- Opportunities for team and company-wide get-togethers!
Company Overview
- AuditBoard develops a cloud-based audit automation platform that specializes in transforming economic governance within business sectors. It was founded in 2014, and is headquartered in Cerritos, California, USA, with a workforce of 501-1000 employees. Its website is https://www.auditboard.com.
Company H1B Sponsorship
- AuditBoard has a track record of offering H1B sponsorships, with 1 in 2025, 4 in 2024, 1 in 2023, 1 in 2022. Please note that this does not guarantee sponsorship for this specific role.
Apply tot his job Apply To this Job