Information Security Engineer – Application Security Focus

Mechanical Orchard

full-time

Posted on: 1/28/2026

Location Type: Remote

Location: United States

Visit company website

Explore more

Security Engineer jobs

✨ AI Apply

Apply

Job Level

Mid-Level Senior

Tech Stack

AWS Azure Cloud Docker Go Google Cloud Platform Java JavaScript Kubernetes Python SDLC Vault

About the role

Build Security into Development: Work alongside engineering teams to integrate security throughout the SDLC; from design reviews and threat modeling to secure coding practices. Conduct security assessments of applications, APIs, and cloud infrastructure. Guide developers on secure authentication, authorization, cryptography, and data protection. Champion security best practices while maintaining developer velocity and trust.
Implement Security Tooling & Automation: Deploy and manage application security tools including SAST, DAST, SCA, and container scanning. Build automation for security testing in CI/CD pipelines. Implement and improve secrets management solutions. Create dashboards and metrics to track security posture.
Drive Security Initiatives: Lead application vulnerability management programs including triage, prioritization, and driving remediation. Support security compliance efforts (SOC 2, ISO 27001, or similar frameworks). Contribute to incident response and security event investigation. Develop security training and documentation for engineering teams.
Collaborate Across Teams: Partner with infrastructure and DevOps teams on cloud security controls. Perform risk assessments for new features, technologies, and third-party integrations. Participate in architecture reviews and provide security guidance.

Requirements

Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field, or equivalent practical experience.
Strong written and verbal communication skills in English.
5+ years of professional experience in information security, with a significant focus on application and cloud security.
Professional software development experience, with hands-on responsibility for designing, building, and maintaining production systems in a language like Python, Go, Java, JavaScript, or similar.
Strong understanding of application security principles: OWASP Top 10, secure authentication/authorization, encryption, API security.
Experience with cloud platforms (AWS, GCP, or Azure) and cloud-native security.
Hands-on experience with CI/CD systems and DevOps practices.
Knowledge of container security and orchestration platforms (Docker, Kubernetes).
Experience implementing security tools like SAST/DAST scanners, dependency checkers, or secrets detection.
Experience with security tools such as Aikido, Snyk, Semgrep, Trivy, Wiz, HashiCorp Vault, or similar.
Collaborative mindset—you build security solutions with engineers, not against them.

Benefits

📊 Check your resume score for this job Improve your chances of getting an interview by checking your resume score before you apply. Check Resume Score

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application securitycloud securitysecure coding practicesthreat modelingvulnerability managementrisk assessmentsencryptionAPI securityDevOps practicesCI/CD systems

Soft Skills

communication skillscollaborationleadershipproblem-solvingdocumentation

Certifications

SOC 2ISO 27001