Application Security Engineer
Opal
Application Security Engineer at Opal, responsible for securing the development lifecycle and embedding security in product designs, collaborating closely with a dedicated engineering team to strengthen application security.
Tech Stack
Tools & technologies
AWS, Cloud, Docker, Go, GraphQL, Kubernetes, Postgres, React, Redis, SDLC, TypeScript
About the role
Key responsibilities & impact
- Own the secure SDLC end-to-end: threat modeling, design reviews, code reviews — you set the bar
- Run and coordinate app pentests (internal and external) and drive findings to closure
- Build and own SAST/DAST/SCA tooling wired into CI/CD so security ships with the code
- Triage and remediate vulnerabilities from every angle — bug bounty, internal scans, the works
- Build and maintain the security-critical stuff: encryption services, authz enforcement, authn flows
- Own the Auth0 ↔ Opal integration — tokens, sessions, MFA, SSO (SAML, OIDC, OAuth 2.0)
- Ship production Go and TypeScript to harden APIs, enforce least-privilege, and close vuln classes for good
- Create shared libraries that make the secure path the easy path for every product engineer
- Be first on the scene for security incidents: investigate, contain, find the root cause, fix it
- Partner with Infra on cloud hardening — AWS IAM, EKS, KMS, network segmentation
- Level up detection and response by writing detection rules and improving logging and alerting
- Mentor engineers on secure coding, common vuln patterns, and security architecture — you make the org smarter
- Help set the security roadmap by grounding it in real product risk
- Be the security teammate engineers *want* to work with — a collaborator, not a bottleneck
Requirements
What you’ll need
- Have 4+ years in application security or software security engineering
- Actually write production code — findings reports are the floor, not the ceiling
- Know auth cold: OAuth 2.0, OIDC, SAML, session management, token lifecycle
- Are comfortable in AWS and containerized environments (Kubernetes, Docker)
- Bonus points for familiarity with our stack: Go, TypeScript, React, PostgreSQL, Redis, GraphQL
- Have led complex, cross-functional security initiatives from kickoff to completion
- Have run or participated in external pentests and seen findings through remediation
- Thrive on ownership and ambiguity — you'd rather write the playbook than wait for one
Benefits
Comp & perks
- Flexible work arrangements
ATS Keywords
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, software security engineering, secure SDLC, threat modeling, code reviews, SAST, DAST, SCA, Go, TypeScript
Soft Skills
mentoring, collaboration, ownership, problem-solving, leadership