CGWS - COME GROW WITH US

Product & Application Security Engineer

full-time

Location Type: Hybrid

Location: Utah • 🇺🇸 United States


Job Level

Mid-Level, Senior

Tech Stack

Azure, Jenkins, Python, SDLC, Terraform

About the role

  • Provide deep expertise and guidance on secure authentication mechanisms, session management, and complex access control models relevant to a multi-tenant SaaS platform.
  • Partner closely with product managers and engineering teams to embed security requirements early in the product development lifecycle, balancing user experience (UX) with robust security.
  • Address security challenges unique to a SaaS environment, including multi-tenancy isolation, secure API design principles, prevention of horizontal privilege escalation, and secure data handling.
  • Conduct hands-on security testing of APIs using various tools (e.g., Burp Suite, Postman, custom scripts) to identify vulnerabilities and ensure secure communication and data exchange.
  • Collaborate with engineering and product teams to integrate security requirements and best practices throughout the entire SDLC, from design to deployment.
  • Conduct thorough security reviews of application architecture, design documents, and source code to identify and mitigate potential vulnerabilities.
  • Design, implement, and maintain the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into our CI/CD pipelines, and runtime protection (RASP) for web apps.
  • Develop, automate, and enhance our vulnerability management processes, including triage, prioritization, and tracking of security findings across applications.
  • Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
  • Provide expert security consultation and guidance to development teams on secure coding practices, architectural patterns, and vulnerability remediation.
  • Stay current with the latest security threats, industry best practices, and emerging technologies, advocating for their adoption to enhance our platform's security posture.

Requirements

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
  • Minimum 3 years of specific, hands-on experience in Application and Product Security.
  • Automation and AI: Drive automation initiatives for security tasks, leveraging scripting and orchestration to streamline workflows.
  • Deep understanding of web application and API security principles, including authentication, authorization (OAuth, OpenID Connect, JWT), session management, and access control models.
  • Proficiency in IaC (Terraform, CloudFormation) and CI/CD pipeline security (e.g., GitHub Actions, CircleCI integrations).
  • Proven experience conducting design and code reviews for web applications and APIs.
  • Demonstrable experience deploying, configuring, and maintaining SAST and DAST tools within CI/CD pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, CircleCI).
  • Strong understanding of common web application vulnerabilities (OWASP Top 10) and their exploitation/mitigation.
  • Experience with scripting languages (e.g., Python, Bash) for automation.
  • Demonstrated ability to translate technical security risks into clear, concise business terms for diverse audiences, including legal, privacy, and product stakeholders.
  • Experience collaborating directly with product teams to integrate security into product roadmaps and balance security with user experience.
  • Strong knowledge of common web application vulnerabilities (OWASP Top 10).
  • Excellent communication, interpersonal, and presentation skills.

Benefits

  • Comprehensive health, life, and disability insurance
  • Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
  • 401k plans with up to 6% company match
  • $2000 Paid-Paid Vacation bonus
  • EAP through Headspace

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
secure authentication mechanisms, session management, access control models, API security principles, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), vulnerability management, scripting languages, web application vulnerabilities, automation
Soft skills
communication skills, interpersonal skills, presentation skills, collaboration, guidance, training, consultation, balancing user experience, translating technical risks, advocating for best practices
Certifications
Bachelor's degree in Computer Science, Bachelor's degree in Information Security, related field degree