[Remote] Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)

Note: The job is a remote job and is open to candidates in USA. AuditBoard is a leading audit, risk, ESG, and InfoSec platform that has surpassed $300M ARR. They are seeking a passionate and experienced Sr. Application Security/Product Security Engineer to work alongside product and engineering teams to develop secure and resilient software for security-conscious customers, focusing on implementing security best practices throughout the software development life cycle.

Responsibilities

• Working with product and engineering teams to implement security throughout the design and development process
• Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes
• Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team
• Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime
• Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices
• Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs
• Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions
• Assisting with Security Compliance activities as required
• Assisting with investigation and response to security incidents and web application attacks as necessary

Skills

• 5+ years of experience developing or securing web-based applications
• Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
• Experience with leading threat modeling and secure design reviews
• Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus
• Docker & Kubernetes
• Excellent organization, time management, and attention to detail
• Must be action-oriented and have a proactive and collaborative approach to solving issues
• Participates in the design review process, seeking and providing constructive criticism
• Provides significant input into system architecture, considers scalability and performance
• Communicates technical decisions through design docs, tech talks, and the wiki
• Provides mentorship and technical guidance to junior and mid-level engineers
• Ability to work within an on-call shift rotation
• Experience working on SaaS web applications
• Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
• Experience with building and securing CICD pipelines and incorporating supply chain security best practices
• Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
• Experience coordinating bug bounty and penetration testing engagements
• Leveraging, building and securing AI coding assistants, agents, and product solutions
• BS in Computer Science (or equivalent experience)

Benefits

• $200/mo for anything that enhances your life
• Comprehensive employee health coverage (all locations)
• 401K with match (US) or pension with match (UK)
• Competitive compensation & bonus program
• Flexible Vacation (US exempt & CA) or 25 days (UK)
• Time off for your birthday & volunteering
• Employee resource groups
• Opportunities for team and company-wide get-togethers!

Company Overview

• AuditBoard develops a cloud-based audit automation platform that specializes in transforming economic governance within business sectors. It was founded in 2014, and is headquartered in Cerritos, California, USA, with a workforce of 501-1000 employees. Its website is https://www.auditboard.com.

Company H1B Sponsorship

• AuditBoard has a track record of offering H1B sponsorships, with 1 in 2025, 4 in 2024, 1 in 2023, 1 in 2022. Please note that this does not guarantee sponsorship for this specific role.

Apply tot his job Apply To this Job