Senior Field Application Engineer, Embedded Software
Riverlane
LinuxPython
Senior Application Security Engineer
EnergySolutions
full-time
Posted on:
Location Type: Hybrid
Location: Boston • California, Illinois, Massachusetts, Oregon • 🇺🇸 United States
Visit company websiteSalary
💰 $119,100 - $147,400 per year
Job Level
Senior
Tech Stack
DjangoPythonSDLC
About the role
- Contribute to the application security roadmap for our internal applications—prioritize risks and sequence work across codebases, application layer, and DevOps.
- Consult with engineers to communicate requirements, create actionable tickets/acceptance criteria, and drive adoption.
- Conduct pull request reviews focused on security, provide guidance on refactors, and approve/deny with clear rationale.
- Serve as a steward for SAST/scanning: review static code scan results, triage findings, eliminate noise, and drive remediation with owners.
- Build reference implementations in Django/Python (i.e. authentication patterns, input validation, secrets handling, rate limiting, geo-based access) without direct responsibility for production feature development.
- Map SOC 2/NIST to engineering work: translate requirements into stories, controls, and automated evidence in CI/CD.
- Threat modeling & architecture: navigate libraries/architectures and document secure patterns (ADRs/RFCs) that teams follow.
- Oversee security related tasks in the Software Delivery Life Cycle (SDLC) to ensure software development activities remain in compliance.
- Collaborate with software developers and code base leads.
- Act as a liaison between technical requirements from the business (i.e. security, privacy, compliance) and development teams.
- Participate as a subject matter expert in security architecture, including new designs and design reviews.
- Recommend application security improvements based on best practices, OWASP standards and other web application security frameworks.
- Review architecture and compliance-related code changes for security impact.
- Ensure compliance with all company security policies and standards.
- Manage and maintain all security related tickets, including recommendations, testing, and validation.
Requirements
- Minimum of 5 years' experience in application security experience.
- Practice and implementation with Django/Python with a clear application-security focus (production experience and impact, not theory).
- Engineering background (software or DevOps/SRE) with the ability to read/modify code, review PRs, and build PoCs.
- Experience with GitHub security, including reviewing static code scans, triage findings, eliminate noise, and drive remediation with owners.
- Experience embedding secure SDLC into Git-based workflows and CI/CD (pre-commit, pipeline gates, policy-as-code).
- Practical knowledge of SOC 2 and familiarity with NIST 800-53; can turn requirements into technical tasks and evidence.
- Ability to operate across code, app, and DevOps (containers, IaC basics, secrets, logging/monitoring).
- Clear, persuasive communication (verbal and written) and prioritization.
- Excellent time management skills with a proven ability to meet deadlines.
- Excellent interpersonal and negotiation skills.
Benefits
- Health insurance
- Retirement plans
- Employee Stock Ownership Plan (ESOP)
- Pre-tax contribution plans
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
application securityDjangoPythonstatic code analysisthreat modelingsecure SDLCGitHub securityCI/CDpolicy-as-codesecurity architecture
Soft skills
communicationtime managementinterpersonal skillsnegotiationprioritization
Certifications
SOC 2NIST 800-53
