Senior Application Security Engineer
Denver
Applications have closed
AgentSync
AgentSync's insurance compliance software automatically enforces state producer licensing and appointment regulatory requirements. See how our modern insurance compliance solutions can benefit you.AgentSync is expanding our Information Security team with an Application Security engineer. We are seeking an experienced and passionate individual with deep expertise in code security standards, CI/CD pipeline security, and tools automation. You will be foundational in driving security initiatives that will help us establish a bug bounty program, identify and implement code security tooling, and establish a secure pipeline. In this role you will identify tools, processes, and solutions to help identify, track, and provide guidance on security vulnerabilities and architectural flaws related to our product code. This role involves both commercial tools and the development of custom tools or scripts, testing of software, development of scalable processes, and collaborating with engineering teams to improve our security posture. This is an exciting opportunity, for the right candidate, to build a program in a founding role with our Security Team
As an application security engineer with AgentSync you will ensure that every step of the software development lifecycle (SDLC) follows security best practices. You are also responsible for adhering to secure coding principles and aid in testing the application against security risks before release. You will work with engineering teams across AgentSync and its products running on a number of different technology stacks to establish and implement code and pipeline security across all of AgentSyncs products.
What you’ll do:
- Take a leadership role in driving internal security initiatives
- Collaborate with internal teams to assist in CI/CD pipeline design, threat modeling, and reviewing code security
- Drive SDLC best standards, including tracking and reporting adoption of secure development best practices.
- Plan, build, automate, and operate automated security review capabilities including static and dynamic code analysis across multiple technology stacks and languages
- Develop and update application security standards, secure coding principles, and threat modeling processes.
- Be a champion for security, exercise risk-based judgments, and prioritize remediation work
Your experience:
- 6+ years combined, hands-on experience in software development and/or application security engineering
- The ideal candidate understands how to work in a startup environment where teams are juggling multiple priorities and timelines, is a good communicator, persuasive, analytical, and is knowledgeable in application development.
- Experience with at least one general purpose programming language: Java, Go, Python, etc.
- Experience managing a wide array of application security issues and judging the security risks via threat models and code review
- Experience regularly working with development team leads and Directors in crafting and developing their customer facing applications
- Experience with Application Security tools such as Static Application Security Tests (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA).
- Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies
We encourage you to apply even if you don’t meet every requirement listed here. We know that every person has unique strengths, and we focus on hiring for those strengths, rather than looking for someone who meets every bullet point listed.
About us:
AgentSync is a powerful, easy-to-use Compliance as a Service solution, directly integrating regulatory database sources of truth (i.e. NIPR, FINRA) with core business systems (i.e. Salesforce) so we can automate the critical business processes associated with these compliance requirements.
We’re a new-school solution tackling an age-old, ubiquitous problem with smart technology and automation in a market full of inefficient, high-cost solution options - spreadsheets, manual processes, legacy software, more headcount, outsourcing, etc.
Salary:
In accordance with Colorado law, the following represents AgentSync’s reasonable estimate of the range of possible compensation for this role, if hired in Colorado.
Denver/Boulder Metro
$155,000 - $190,000
Additionally, this role is eligible to participate in AgentSync’s equity program.
100% Company Paid Healthcare Insurance (for you and dependents)
- Medical
- Dental
- Vision
Financial Benefits
- 401(k) retirement savings plan
Other Benefits
- Unlimited PTO
- 12 paid holidays per year
- 12 weeks 100% paid parental leave and $4,000 return to work childcare stipend
Tags: Agile Application security Automation CI/CD Code analysis Compliance DAST DevSecOps Java Python SAST SDLC Vulnerabilities
Perks/benefits: Equity Health care Medical leave Parental leave Startup environment Unlimited paid time off
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Information Security Analyst jobs
- Open Product Security Engineer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Specialist jobs
- Open Security Specialist jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open Threat intelligence-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open APIs-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open CI/CD-related jobs
- Open DevSecOps-related jobs