{"version":"0.1","company":{"name":"YubHub","url":"https://yubhub.co","jobsUrl":"https://yubhub.co/jobs/skill/modern-development-practices"},"x-facet":{"type":"skill","slug":"modern-development-practices","display":"Modern Development Practices","count":1},"x-feed-size-limit":100,"x-feed-sort":"enriched_at desc","x-feed-notice":"This feed contains at most 100 jobs (the most recently enriched). For the full corpus, use the paginated /stats/by-facet endpoint or /search.","x-generator":"yubhub-xml-generator","x-rights":"Free to redistribute with attribution: \"Data by YubHub (https://yubhub.co)\"","x-schema":"Each entry in `jobs` follows https://schema.org/JobPosting. YubHub-native raw fields carry `x-` prefix.","jobs":[{"@context":"https://schema.org","@type":"JobPosting","identifier":{"@type":"PropertyValue","name":"YubHub","value":"job_aff17a60-097"},"title":"Application Security Engineer","description":"<p>As a Security Engineer focused on Application and Product Security, you will play a key role in improving the security posture of our applications, services, and development ecosystem.</p>\n<p>You will work closely with engineering teams to integrate security into the software development lifecycle, build secure-by-default patterns, and ensure that products are resilient against modern threats.</p>\n<p>This role combines hands-on technical work, security engineering, and collaboration with developers to guide secure design and remediation.</p>\n<p>You will help implement security controls, perform assessments, and contribute to the continuous improvement of our security program.</p>\n<p>Key responsibilities include:</p>\n<ul>\n<li>Integrating application security best practices into the development lifecycle by partnering with engineering teams and enabling automated security checks within CI/CD pipelines.</li>\n</ul>\n<ul>\n<li>Supporting and maintaining Application Security based tooling,including SAST, DAST, SCA, and secrets scanning,and helping developers interpret and remediate findings.</li>\n</ul>\n<ul>\n<li>Conducting secure code reviews, threat modeling sessions, and application architecture assessments to identify risks and propose mitigation strategies.</li>\n</ul>\n<ul>\n<li>Developing and maintaining security automation, guardrails, and reusable components.</li>\n</ul>\n<ul>\n<li>Assisting in defining and improving secure coding standards and application hardening practices.</li>\n</ul>\n<ul>\n<li>Supporting monitoring and detection efforts by helping improve application-level logging, telemetry, and alerting.</li>\n</ul>\n<ul>\n<li>Assisting in incident response activities related to application vulnerabilities, including verification, triage, and remediation support.</li>\n</ul>\n<ul>\n<li>Staying current on emerging threats, vulnerabilities, and best practices in application and product security.</li>\n</ul>\n<ul>\n<li>Contributing to documentation including security requirements, guidelines, and remediation playbooks.</li>\n</ul>\n<ul>\n<li>Participating in internal security reviews, compliance-driven assessments, and architectural walkthroughs.</li>\n</ul>\n<ul>\n<li>Developing and helping maintain existing application security tools, pipelines, and workflows.</li>\n</ul>\n<ul>\n<li>Collaborating with engineering and product teams to ensure secure deployment and continuous improvement of applications.</li>\n</ul>\n<p>Requirements include:</p>\n<ul>\n<li>A bachelor’s degree in Computer Science, Engineering, MIS, or equivalent practical experience.</li>\n</ul>\n<ul>\n<li>2–5 years of experience in application security, product security, software engineering with a security focus, or a related technical role.</li>\n</ul>\n<ul>\n<li>Strong understanding of application vulnerabilities and mitigation strategies (OWASP Top 10, CWE).</li>\n</ul>\n<ul>\n<li>Experience with CI/CD tooling, Git-based workflows, and modern development practices.</li>\n</ul>\n<ul>\n<li>Familiarity with cloud security concepts and hands-on experience with at least one cloud platform (AWS, Azure, or GCP).</li>\n</ul>\n<ul>\n<li>Experience with one or more programming languages such as Python, Go, Java, JavaScript/Typescript, or Ruby. (Java and Python preferred.)</li>\n</ul>\n<ul>\n<li>Experience with application security tools such as OWASP ZAP, Burp Suite, SAST/DAST tools, SCA, or dependency scanning.</li>\n</ul>\n<ul>\n<li>Knowledge of secure coding principles, API security, authentication, authorization, and secrets management.</li>\n</ul>\n<ul>\n<li>Strong problem-solving skills and the ability to communicate technical issues clearly to developers and cross-functional stakeholders.</li>\n</ul>\n<ul>\n<li>Understanding of agile development processes and working within engineering teams.</li>\n</ul>\n<ul>\n<li>Ability to Travel: This role will require 25% in-person travel for purposes including but not limited to new hire onboarding, team and department offsites, customer engagements, and other company events.</li>\n</ul>\n<p>This role is based in our Boston office and follows a hybrid model, with an expectation of being onsite 1-2 days per week.</p>\n<p style=\"margin-top:24px;font-size:13px;color:#666;\">XML job scraping automation by <a href=\"https://yubhub.co\">YubHub</a></p>","url":"https://yubhub.co/jobs/job_aff17a60-097","directApply":true,"hiringOrganization":{"@type":"Organization","name":"Starburst","sameAs":"https://www.starburst.io/","logo":"https://logos.yubhub.co/starburst.io.png"},"x-apply-url":"https://job-boards.greenhouse.io/starburst/jobs/5119301008","x-work-arrangement":"hybrid","x-experience-level":"mid","x-job-type":"full-time","x-salary-range":"$130,000-$170,000 USD","x-skills-required":["CI/CD tooling","Git-based workflows","modern development practices","cloud security concepts","application security tools","secure coding principles","API security","authentication","authorization","secrets management"],"x-skills-preferred":["Python","Go","Java","JavaScript/Typescript","Ruby"],"datePosted":"2026-04-18T15:51:05.628Z","jobLocation":{"@type":"Place","address":{"@type":"PostalAddress","addressLocality":"Boston, MA"}},"employmentType":"FULL_TIME","occupationalCategory":"Engineering","industry":"Technology","skills":"CI/CD tooling, Git-based workflows, modern development practices, cloud security concepts, application security tools, secure coding principles, API security, authentication, authorization, secrets management, Python, Go, Java, JavaScript/Typescript, Ruby","baseSalary":{"@type":"MonetaryAmount","currency":"USD","value":{"@type":"QuantitativeValue","minValue":130000,"maxValue":170000,"unitText":"YEAR"}}}]}