You will work closely with engineering teams to integrate security into the software development lifecycle, build secure-by-default patterns, and ensure that products are resilient against modern threats.

This role combines hands-on technical work, security engineering, and collaboration with developers to guide secure design and remediation.

You will help implement security controls, perform assessments, and contribute to the continuous improvement of our security program.

Key responsibilities include:

• Integrating application security best practices into the development lifecycle by partnering with engineering teams and enabling automated security checks within CI/CD pipelines.

• Supporting and maintaining Application Security based tooling,including SAST, DAST, SCA, and secrets scanning,and helping developers interpret and remediate findings.

• Conducting secure code reviews, threat modeling sessions, and application architecture assessments to identify risks and propose mitigation strategies.

• Developing and maintaining security automation, guardrails, and reusable components.

• Assisting in defining and improving secure coding standards and application hardening practices.

• Supporting monitoring and detection efforts by helping improve application-level logging, telemetry, and alerting.

• Assisting in incident response activities related to application vulnerabilities, including verification, triage, and remediation support.

• Staying current on emerging threats, vulnerabilities, and best practices in application and product security.

• Contributing to documentation including security requirements, guidelines, and remediation playbooks.

• Participating in internal security reviews, compliance-driven assessments, and architectural walkthroughs.

• Developing and helping maintain existing application security tools, pipelines, and workflows.

• Collaborating with engineering and product teams to ensure secure deployment and continuous improvement of applications.

Requirements include:

• A bachelor’s degree in Computer Science, Engineering, MIS, or equivalent practical experience.

• 2–5 years of experience in application security, product security, software engineering with a security focus, or a related technical role.

• Strong understanding of application vulnerabilities and mitigation strategies (OWASP Top 10, CWE).

• Experience with CI/CD tooling, Git-based workflows, and modern development practices.

• Familiarity with cloud security concepts and hands-on experience with at least one cloud platform (AWS, Azure, or GCP).

• Experience with one or more programming languages such as Python, Go, Java, JavaScript/Typescript, or Ruby. (Java and Python preferred.)

• Experience with application security tools such as OWASP ZAP, Burp Suite, SAST/DAST tools, SCA, or dependency scanning.

• Knowledge of secure coding principles, API security, authentication, authorization, and secrets management.

• Strong problem-solving skills and the ability to communicate technical issues clearly to developers and cross-functional stakeholders.

• Understanding of agile development processes and working within engineering teams.

• Ability to Travel: This role will require 25% in-person travel for purposes including but not limited to new hire onboarding, team and department offsites, customer engagements, and other company events.

This role is based in our Boston office and follows a hybrid model, with an expectation of being onsite 1-2 days per week.

XML job scraping automation by YubHub