AppSec Engineer

📋 Description

• Architect secure AWS configurations (IAM, KMS, VPC)
• Embed security into CI/CD pipelines using policy-as-code tools
• Secure containers and orchestration environments (EKS, Kubernetes, Docker)
• Conduct threat modeling and risk-driven design reviews early in development
• Perform secure code reviews and SAST/SCA analysis with remediation oversight
• Build and extend in-house AppSec automation frameworks or tooling

🎯 Requirements

• 4+ years’ experience in application security engineering, DevSecOps, or security platform engineering
• Deep familiarity with CVSS, MITRE ATT&CK, OWASP Top 10 and CWE taxonomy
• Proven experience with AWS core services: IAM, KMS, VPC, EC2, RDS, EKS
• Hands-on expertise in securing IaC and CI/CD pipelines; policy-as-code tooling
• Container security experience: Docker, Kubernetes, EKS-related threat surfaces
• SAST/SCA tool proficiency; scripting automation (Python, Bash, PowerShell)

🎁 Benefits

• Remote-friendly (US)
• Stock options and health benefits from Day 1
• 401(k) plan with company match
• Flexible time off and growth opportunities