
Lead Application Security Engineer
Operative
full-time
Location Type: Remote
Location: Romania
About the role
- Lead application security across all Linear and SaaS products, services, and APIs
- Act as the security authority in design and architecture discussions
- Define and enforce secure development standards across the SDLC
- Ensure security controls are implemented consistently across all products and services
- Lead application pentesting across Operative’s products
- Establish mandatory security review gates within the SDLC and participate in engineering sprints as security champion
- Conduct security assessments for high-risk features, authentication flows, APIs, integrations, and architectural changes
- Provide formal security approval (sign-off) prior to production release as required
- Work collaboratively with the DEV and QA teams to provide solutions for security risks identified during the SDLC
- Coordinate formal risk acceptance with Security leadership when necessary
- Integrate security controls into CI/CD pipelines (SAST, DAST, SCA, secrets scanning, IaC scanning)
- Define and maintain secure coding standards and engineering guardrails
- Ensure security tooling produces actionable output and does not become noise
- Continuously improve automation and coverage across code repositories and services
- Lead application vulnerability management for all Linear and SaaS products
- Open, track, and maintain remediation tickets with Engineering
- Clearly document risk, severity, and remediation expectations
- Enforce remediation timelines and escalate overdue critical issues
- Validate remediation effectiveness before formal closure
- Work closely with the AI department to securely introduce AI-powered features into products
- Conduct security reviews of AI use cases, model integrations, and data flows
- Ensure proper data classification, access controls, and data minimization when integrating AI capabilities
- Assess risks related to prompt injection, data leakage, data poisoning, model abuse, excessive API exposure, and external AI integrations
- Define guardrails for AI feature deployment, including logging, monitoring, and abuse detection
- Require security validation before AI-driven features are released to production
- Ensure proper authentication, authorization, and object-level access controls
- Validate encryption, secrets management, and identity implementations
- Partner with Cloud and Infrastructure teams to ensure secure deployment patterns
- Provide monthly application security posture reports
- Maintain a centralized vulnerability dashboard (SAST, DAST, SCA, Container, IaC)
- Create monthly reports on repository integration and CI/CD integration
- Provide quarterly Secure SDLC maturity assessment
- Conduct monthly AppSec review with product teams
Requirements
- Proven experience as an Application Security Engineer securing multiple product lines across diverse technology stacks, including SaaS and non-SaaS platforms
- Strong understanding of secure software architecture and design
- Hands-on experience with SAST, DAST, SCA, and CI/CD security integrations
- Deep knowledge of OWASP and OWASP API Security
- Experience assessing security risks in AI/ML or external AI integrations
- Experience leading threat modeling and design security reviews
- Ability to review modern application code
- Demonstrated ability to enforce and lead remediation with Engineering teams
- Strong communication skills and ability to operate with authority
Benefits
- Flexible work schedules
- Remote working to encourage work-life balance
- Competitive salary and benefits package
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, secure software architecture, SAST, DAST, SCA, CI/CD security integrations, threat modeling, secure coding standards, vulnerability management, risk assessment
Soft Skills
strong communication skills, leadership, collaboration, problem-solving, authority in discussions, documentation, remediation enforcement, risk management, team coordination, adaptability