Application Security Engineer

Technology · Colorado Springs, Colorado
Department Technology
Employment Type Full-Time (US)
Minimum Experience Experienced

SoHo Dragon represents a Fortune 500 Financial Technology firm with offices in Sunnyvale and Colorado Springs that needs to hire an Application Security Engineer.

    • Sunnyvale or Colorado Springs (100% remote, but near an office if need be)

What you will do as an Application Security Engineer:

  • Develop, configure and implement tooling to support DevSecOps processes including SAST, DAST, IAST, and SCA, in partnership with DevOps.
  • Establish application security standards and guidelines for developers.
  • Establish and audit cloud infrastructure security standards.
  • Evaluate application architectures for security related concerns.
  • Champion and enable security-related activities in the software engineering process (e.g., threat modeling, secure coding practices).
  • Assess infrastructure, web and application environments to help identify, and prioritize risks and vulnerabilities.
  • Manage vulnerability backlog, partnering with Product and Engineering to ensure issues are addressed in accordance with SLA.
  • Perform and/or facilitate external audit of cloud architecture specific to security.
  • Perform red team exercises, including internal pen-tests on web applications and infrastructure, and internal social engineering exercises.


Basic Qualifications for Consideration:


  • 5+ years of experience in application security ideally from a software or architecture background.
  • Strong understanding of SAST, IAST, DAST, and SCA tooling in support of DevSecOps.
  • Significant experience with securing cloud architectures preferably in GCP.
  • Experience with performing security architecture and design reviews.
  • Experience implementing a vulnerability management program.
  • Experience with coding/scripting.
  • Experience with threat modeling (STRIDE, DREAD, etc.)
  • Demonstrable experience building strong working relationships with Product, Engineering, Infosec, and GRC.
  • Experience with running or participating in bug bounty programs.

Thank You

Your application was submitted successfully.

  • Location
    Colorado Springs, Colorado
  • Department
  • Employment Type
    Full-Time (US)
  • Minimum Experience