ONE

Application Security Engineer

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States


Salary

💰 $170,000 - $210,000 per year

Job Level

Senior, Lead

Tech Stack

AWS, Docker, EC2, Kubernetes, Python

About the role

  • Architect and implement secure AWS configurations (IAM roles/policies, encryption keys, VPC segmentation)
  • Embed security into CI/CD pipelines and repos using policy-as-code tools (pre-commit hooks, SAST/SCA, IDE tool integrations)
  • Secure container and orchestration environments (EKS, Kubernetes, Docker) per best practices
  • Conduct threat modeling sessions and risk‑driven design reviews early in development
  • Perform secure code reviews and static/dynamic analysis; oversee remediation with dev teams
  • Automate repetitive security tasks—vulnerability triage, code scanning, tool orchestration
  • Build and extend in-house AppSec automation frameworks or pentest tooling
  • Partner with security architecture and detection teams (SIEM tuning, logging, telemetry alignment)
  • Develop and enforce AppSec standards and patterns across product teams; iterate through feedback loops
  • Support regulatory or compliance assessments (PCI, CCPA, GLBA) as needed

Requirements

  • 8–12 years’ experience in application security engineering, DevSecOps, or security platform engineering
  • Deep familiarity with CVSS, MITRE ATT&CK frameworks, OWASP Top 10 and CWE taxonomy
  • Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
  • Hands-on expertise in securing IaC and CI/CD pipelines; strong knowledge of policy-as-code tooling
  • Container security experience: Docker, Kubernetes, EKS-related threat surfaces
  • Solid threat modeling and secure code review skills; SAST/SCA tool proficiency
  • Experience scripting automation (e.g. Python, Bash, PowerShell) to streamline AppSec tasks
  • Capability to lead in-house AppSec frameworks or tooling development
  • Strong communicator, able to translate technical findings to non-technical stakeholders
  • Track record of defining and institutionalizing security architecture patterns

Benefits

  • Competitive base salary, stock options, and health benefits from Day 1
  • 401(k) plan with company match
  • Remote-friendly (US), flexible time off (FTO), and opportunities for growth
  • A high-growth, mission-driven, inclusive culture where your work has real impact

Applicant Tracking System Keywords

Hard skills
AWS, IAM, KMS, VPC, EC2, RDS, EKS, Docker, Kubernetes, Python
Soft skills
strong communicator, leadership, collaboration, problem-solving, feedback iteration