Senior Application Security Engineer

Denver

Applications have closed

AgentSync

AgentSync's insurance compliance software automatically enforces state producer licensing and appointment regulatory requirements. See how our modern insurance compliance solutions can benefit you.


AgentSync is expanding our Information Security team with an Application Security engineer. We are seeking an experienced and passionate individual with deep expertise in code security standards, CI/CD pipeline security, and tools automation. You will be foundational in driving security initiatives that will help us establish a bug bounty program, identify and implement code security tooling, and establish a secure pipeline. In this role you will identify tools, processes, and solutions to help identify, track, and provide guidance on security vulnerabilities and architectural flaws related to our product code. This role involves both commercial tools and the development of custom tools or scripts, testing of software, development of scalable processes, and collaborating with engineering teams to improve our security posture. This is an exciting opportunity, for the right candidate, to build a program in a founding role with our Security Team.

As an application security engineer with AgentSync you will ensure that every step of the software development lifecycle (SDLC) follows security best practices. You are also responsible for adhering to secure coding principles and aiding in testing the application against security risks before release. You will work with engineering teams across AgentSync and its products running on a number of different technology stacks to establish and implement code and pipeline security across all of AgentSync's products.

What you’ll do:

  • Take a leadership role in driving internal security initiatives
  • Collaborate with internal teams to assist in CI/CD pipeline design, threat modeling, and reviewing code security
  • Drive SDLC best standards, including tracking and reporting adoption of secure development best practices.
  • Plan, build, automate, and operate automated security review capabilities including static and dynamic code analysis across multiple technology stacks and languages
  • Develop and update application security standards, secure coding principles, and threat modeling processes.
  • Be a champion for security, exercise risk-based judgments, and prioritize remediation work

Your experience:

  • 6+ years combined, hands-on experience in software development and/or application security engineering
  • The ideal candidate understands how to work in a startup environment where teams are juggling multiple priorities and timelines, is a good communicator, persuasive, analytical, and is knowledgeable in application development. 
  • Experience with at least one general purpose programming language: Java, Go, Python, etc.
  • Experience managing a wide array of application security issues and judging the security risks via threat models and code review
  • Experience regularly working with development team leads and Directors in crafting and developing their customer facing applications
  • Experience with Application Security tools such as Static Application Security Tests (SAST), Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA).
  • Functional understanding in tooling integrations that support agile, CI/CD, and DevSecOps methodologies

We encourage you to apply even if you don’t meet every requirement listed here. We know that every person has unique strengths, and we focus on hiring for those strengths, rather than looking for someone who meets every bullet point listed.

About us:

AgentSync is a powerful, easy-to-use Compliance as a Service solution, directly integrating regulatory database sources of truth (i.e. NIPR, FINRA) with core business systems (i.e. Salesforce) so we can automate the critical business processes associated with these compliance requirements.

We’re a new-school solution tackling an age-old, ubiquitous problem with smart technology and automation in a market full of inefficient, high-cost solution options - spreadsheets, manual processes, legacy software, more headcount, outsourcing, etc.

Salary: 

In accordance with Colorado law, the following represents AgentSync’s reasonable estimate of the range of possible compensation for this role, if hired in Colorado.

Denver/Boulder Metro

$155,000 - $190,000 

Additionally, this role is eligible to participate in AgentSync’s equity program.

100% Company Paid Healthcare Insurance (for you and dependents)

  • Medical
  • Dental
  • Vision

Financial Benefits

  • 401(k) retirement savings plan

Other Benefits

  • Unlimited PTO
  • 12 paid holidays per year
  • 12 weeks 100% paid parental leave and $4,000 return to work childcare stipend

 

Tags: Agile Application security Automation CI/CD Code analysis Compliance DAST DevSecOps Java Python SAST SDLC Vulnerabilities

Perks/benefits: Equity Health care Medical leave Parental leave Startup environment Unlimited paid time off

Region: North America
Country: United States