Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy, roadmap, and measurable maturity improvements
Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz.
Implement and manage security testing capabilities across:
SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.)
DAST (new tool selection and rollout)
Vulnerability tracking and remediation workflows
Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
Support secure architecture for web applications and APIs
Drive secure coding enablement through:
OWASP training
Secure coding best practices
Targeted coaching based on real issues found in the codebase
Partner with and help scale the Security Champions program to coordinate security improvements and incident response
Track and communicate application security program progress using clear metrics and reporting
Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

Requirements

5–8+ years in application security, product security, or security-focused software engineering
Strong depth in web and API security, including modern auth patterns and attack techniques
Experience securing cloud-native SaaS platforms and microservices architectures
Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
Proven ability to influence engineering teams through trust, clarity, and practical solutions.

Benefits

Fully remote position
Flexible PTO
13 paid company holidays
Paid parental leave
Health, Dental, and Vision insurance
Employer paid Basic Life insurance and Short-Term Disability insurance
Company contribution match for HSA and 401(k)
Flexible Spending Accounts
Monthly employee wellness stipend
Opportunities for Learning and Development Reimbursement
Pet insurance

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitythreat modelingsecure design reviewsvulnerability remediationSASTSCASBOMDASTsecure SDLCcloud-native SaaS security

Soft Skills

influencetrustclaritycoachingcommunicationleadershipcollaborationeducationmetrics trackingprogram management