
Senior Application Security Engineer
Printful
full-time
Location Type: Remote
Location: Remote • 🇱🇻 Latvia
Job Level
Senior
Tech Stack
GraphQL, JavaScript, PHP, Python, SDLC, TypeScript
About the role
- Own and scale our Application Security program.
- You'll set the strategy, embed security into every stage of the SDLC, and coach teams to raise our "secure by default" bar.
- Own the AppSec strategy & roadmap by defining objectives, guardrails, and KPIs (e.g., vuln MTTR by severity, % coverage of SAST/DAST/SCA, secret-leak MTTR, etc.).
- Build/maintain internal tools (including ML-assisted where useful) that make the secure path the easy path.
- Lead threat modeling and architecture reviews; author/maintain secure coding guidelines for services/APIs, ensuring design-time security.
- Own intake, triage, SLAs, retests, and report to security engineering leadership.
- Conduct regular security assessments to identify vulnerabilities/risks in applications and software before they emerge.
- Partner with product & compliance by mapping SDLC controls to frameworks, scoping engagements, contributing to IR playbooks/table-tops for application-layer incidents.
Requirements
- 7+ years in application security / software engineering; a strong automation mindset and AppSec-related certifications are a plus.
- Strong Python coding; ability to review TypeScript/JavaScript and PHP.
- Depth in threat modeling, secure design patterns, authN/authZ (OAuth2/OIDC, JWT), crypto hygiene, API/web security.
- Excellent communicator and influencer, i.e. able to drive healthy change across teams and balance risk, delivery, and developer experience.
- Nice to have experience: GraphQL/mobile security, privacy-by-design, LLM application security (prompt injection, data leakage), container security, SOC 2/ISO 27001, SLSA.
Benefits
- Health insurance.
- 2 extra paid days off (either consecutively or separately) to focus on your mental or physical well-being.
- 1 extra paid day off to celebrate a Birthday or any other celebration of your choice.
- Flexible working hours (start your day as late as 11 a.m.).
- Learning Budget to support your professional development.
- Access to mentorship, internal meetups, and hackathons both on-site and online.
- Exciting team-building events and parties you’ll never forget!
- Free and healthy lunch when you work from the Rīga office.
- Design and order your own merch using our platforms with employee discount.
- Apple MacBook laptop as your standard work equipment.
Applicant Tracking System Keywords
Hard skills
Python, TypeScript, JavaScript, PHP, threat modeling, secure design patterns, authN/authZ, OAuth2, OIDC, crypto hygiene
Soft skills
excellent communicator, influencer, drive change, balance risk, delivery, developer experience
Certifications
AppSec-related certifications