Deploy and operationalize Cycode ASPM platform (or equivalent) as the central nervous system for application security—unifying SAST, SCA, secret scanning, container security, and IaC scanning into actionable intelligence
Build IDE-to-cloud security pipelines that catch vulnerabilities at code-write time, eliminating 90% of findings before merge
Create security-as-code frameworks that make the secure path the default path
Automate vulnerability triage, deduplication, and routing to eliminate manual security toil
Design and deploy pre-approved security patterns, libraries, and templates that enable developers to build securely without security expertise
Establish threat modeling as a lightweight, scalable practice integrated into product planning
Conduct security architecture reviews for high-risk features across mobile (iOS/Android), backend (Java, Python, PHP), and emerging hardware products
Build security tooling that developers actually want to use—think Spotify's Backstage for security
Establish SLA-driven vulnerability management workflows with clear severity definitions, ownership models, and escalation paths
Create friction-free remediation guidance—not "fix this," but "here's the exact code change needed"
Build metrics dashboards that translate security posture into business language executives understand
Partner with engineering leadership to embed security accountability into team objectives
Act as embedded security advisor to product and platform engineering teams
Translate complex security requirements into pragmatic, implementable solutions
Influence technical decisions at the architecture level—security considered in design, not bolted on after

Requirements

5+ years of hands-on experience in product security, application security, or DevSecOps roles.
Strong experience deploying and operationalizing Application Security Posture Management (ASPM) platforms, with particular emphasis on vulnerability management and findings handling.
Deep understanding of security tooling including SAST, DAST, secret scanning, SCA (Software Composition Analysis), and container scanning tools.
Proficiency in Python and the ability to learn new programming languages and technologies as needed (experience with Java, C, or PHP is a plus).
Extensive experience with threat modeling and security architecture reviews, with the ability to identify design flaws and provide actionable remediation guidance.
Strong knowledge of secure software development practices, including OWASP Top 10, secure coding principles, and secure-by-design methodologies.
Experience building security tooling and automation to scale security practices across development teams.
Familiarity with compliance frameworks including OWASP SAMM 2.0, NIST SSDF (Secure Software Development Framework), SOC 2, and GDPR, with working knowledge of privacy considerations.
Experience working with diverse technology stacks including mobile applications (iOS/Android), cloud infrastructure, and modern application development.
Expert-level threat modeling—you can identify design flaws that automated tools miss.
Security architecture experience across diverse platforms: mobile (iOS/Android SDK security), cloud (AWS/GCP), embedded systems.
CI/CD security integration—Jenkins, GitLab CI, GitHub Actions, CircleCI—where you've built security into build pipelines without breaking them.
Working knowledge of OWASP SAMM 2.0, NIST SSDF, secure coding standards.

Benefits

Competitive pay and benefits
Medical, dental, vision, life and disability insurance plans (100% paid for employees)
401(k) plan with company matching program
Mental Wellness Program & Employee Assistance Program (EAP) for mental well-being
Flexible PTO, 13 company-wide days off throughout the year
Winter and Summer Weeklong Synchronized Company Shutdowns
Learning & Development programs
Equipment, tools, and reimbursement support for a productive remote environment
Free Life360 Platinum Membership for your preferred circle
Free Tile Products

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Application Security Posture Management (ASPM)vulnerability managementSASTDASTsecret scanningSCA (Software Composition Analysis)container scanningPythonJavasecure software development practices

Soft Skills

influence technical decisionstranslate complex security requirementspartner with engineering leadershipact as embedded security advisorcreate friction-free remediation guidanceestablish threat modelingconduct security architecture reviewsbuild metrics dashboardsembed security accountabilityidentify design flaws