Senior Application Security Engineer

SSenior Security Engineer

We are seeking a highly motivated Senior Security Engineer to join our Security Engineering team! If you thrive in data analysis, lead with innovation, and enjoy collaborating with a smart, dynamic team, we’d love to hear from you.

This hybrid role is based in Palo Alto, California, requiring at least three days per week in the office. The position reports to the Senior Manager, Security Engineering.

Key Responsibilities:

• Implement cloud-first, security-first design patterns and integrate them with existing systems.
• Ensure applications meet GDPR, HIPAA, OWASP, and other compliance requirements.
• Operate and optimize security solutions in cloud environments.
• Work with developers, technology leaders, and external partners to mitigate security risks.
• Support DevOps, SRE, and cloud security initiatives.
• Research and implement new security tools and methodologies.
• Lead incident response for critical security events.
• Serve as a technical advisor on Application Security best practices.
• Embed security into automation to create a robust cloud environment.
• Diagnose and troubleshoot security and performance issues.

Experience & Qualifications:

• 5 years in DevSecOps, cloud security, CI/CD management, and automation.
• Expertise with public cloud providers and infrastructure-as-code tools like Terraform, GitHub, and GitLab.
• Strong programming skills in Python, TypeScript.
• Experience with Docker, Kubernetes, and serverless technologies.
• Deep understanding of web and network security (OWASP Top 10).
• Knowledge of SOC 2 Type 2, ISO, GDPR, CCPA compliance and audits.
• Ability to analyze and mitigate risks in static code analysis, dependency scanning, API security, and web application scanning.
• Strong analytical and problem-solving skills with data-driven decision-making.

Nice-to-Have:

• Experience with CloudFormation, Terraform, AWS IAM, API Security, and Container Security.
• Familiarity with Datadog, Prometheus, and other observability tools.
• Experience managing cloud security at scale (VPC, IAM, RBAC).
• Project management experience.

This version keeps all the essential technology requirements while making it more direct and readable. Let me know if you'd like any further refinements!