
Senior Application Security Engineer
RegScale
full-time
Location Type: Remote
Location: United States
About the role
- Own the application security program end to end, identifying risks, setting priorities, building strategy, aligning stakeholders, driving implementation across engineering teams, and measuring outcomes.
- Conduct threat modeling and security design reviews early in the development process, embedding security thinking into architecture and feature design before code is written.
- Partner with developers across all engineering teams to shift security left, coaching on secure coding practices, reviewing code for vulnerabilities, and building security awareness as a shared engineering capability rather than a specialized handoff.
- Integrate security tooling and automated security checks into CI/CD pipelines including static analysis, dependency scanning, and secrets detection, ensuring actionable security signals.
- Own vulnerability management across the platform, triaging findings from internal testing, external assessments, and tooling, prioritizing remediation based on risk, and driving resolution to completion.
- Lead and coordinate penetration testing and security assessments, working with internal and external resources to scope, execute, and translate findings into engineering action.
- Define and maintain secure development standards and patterns that engineering teams can adopt, covering areas such as authentication, authorization, API security, and data handling.
- Bridge engineering and the external security team, translating security requirements into engineering priorities and engineering constraints into security strategy, ensuring both sides operate with shared context and mutual accountability.
- Support compliance and regulatory requirements including FedRAMP, NIST, and enterprise customer security obligations, working with the Compliance as Code team to ensure security controls are implemented and evidenced effectively.
- Assess and address security risks introduced by AI features and integrations, including prompt injection, data exposure through AI interfaces, and third-party model risks, working closely with the Platform and AI team to ensure AI capabilities are built and deployed securely.
- Build visibility into the security posture of the platform through metrics, dashboards, and reporting that inform engineering leadership and support customer and auditor conversations.
Requirements
- 10 or more years of application security experience with a demonstrated track record of owning security programs and driving initiatives end to end across complex engineering organizations.
- Deep expertise across the application security domain including threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices.
- Proven ability to operate as a solo practitioner or small team lead, setting priorities independently, managing competing demands, and delivering outcomes without close supervision.
- Strong experience influencing engineering teams without direct authority, building credibility through technical depth, clear communication, and practical solutions that fit the realities of product delivery.
- Experience integrating security into CI/CD pipelines and modern software delivery practices, with a shift left mindset that prioritizes prevention over detection.
- Solid understanding of cloud security principles and how application security intersects with infrastructure security in a cloud native environment.
- Strong written and verbal communication skills, able to articulate security risk, strategy, and tradeoffs clearly to engineering teams, leadership, and stakeholders including customers and auditors.
Benefits
- RegScale is only able to hire US Citizens
- Health insurance
- 401(k) matching
- Flexible work hours
- Paid time off
- Remote work options
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, threat modeling, secure design review, vulnerability assessment, penetration testing, secure development practices, CI/CD integration, cloud security principles, static analysis, dependency scanning
Soft Skills
influencing without authority, clear communication, technical depth, independent prioritization, managing competing demands, delivering outcomes, building credibility, coaching, collaboration, translating requirements
Certifications
FedRAMP compliance, NIST compliance