Staff Application Security Engineer (SaaS)

Industry: InsurTech
Category: Cybersecurity
Location: United States (Remote)
Job Description

The Staff Application Security Engineer will be a key contributor to maturing the SaaS-based security capabilities of Rogue's newest (and super exciting) client based right here in our hometown. This player-coach will influence our client's approach to securing their most critical assets in the cloud, leading their AppSec program through ambiguity, and protecting their nearly 300K customers across the US.

Scope:

  • Empower security / software engineers and product teams to design, build and operate cloud-based software and infrastructure that is secure by default.
  • Identify, address, and deliver on strategically important problems for security engineering, including recognizing opportunities where the company is underinvested and making a case for additional improvements.
  • Serve as team lead for security engineers (AppSec, CloudSec), regularly coaching and mentoring engineers to increase their impact and abilities.
  • Contribute to and lead threat modeling, security reviews, and design critiques to identify risk and assist product and engineering team members in improving overall product security.
  • Develop tools and features to monitor and improve the company's security posture as it relates to application and cloud infrastructure security.
  • Lead efforts in adhering to modern compliance standards, working cross-functionally to ensure our risks are measured and mitigated.
  • Serve as the domain expert in multiple InfoSec areas and provide regular insight to product and design leads of all levels that are working within these areas.

Quals:

  • At least 7 years of experience in application security engineering.
  • Exposure to software development and/or cloud infrastructure engineering.
  • Extensive experience with common and emerging threats, vulnerabilities, and mitigations in modern cloud-based applications and infrastructure.
  • Proven experience maturing and incorporating security into S/SDLC and DevSecOps approaches.
  • Experience coaching and mentoring security engineers and application developers.
  • Ability to identify and quantify gaps, communicate issues, create roadmaps, and architect solutions that demonstrate risk reduction and drive security improvements.
  • In-depth experience working with senior engineers and managers to prioritize and execute work and highlight areas for additional maturity and investment.
  • Experience with AWS, GCP, and/or Azure cloud environments / infrastructure.
  • Familiarity with security-related compliance requirements and standards / frameworks such as PCI, SOC 2, OWASP, and NIST.

Comp:

  • $190-220K annual salary, determined by mutual fit, depth of engineering skills, and ability to lead AppSec program through ambiguity
  • Annual bonus and RSU options with notable upside potential
  • Comprehensive employment benefits

Rogue Talent and all of its hiring partners/clients are equal employment opportunity (EEO) employers who may provide reasonable accommodation to enable individuals with disabilities to perform the essential functions of the job. We champion and continue to work toward a harmoniously diverse and inclusive workforce built upon a foundation of equity and goodwill. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, veteran status, disability status, or genetic information; US citizenship is required.