Hello All,
Position: Senior Application Security Engineer
Location: 100% Remote
Duration: 6+ Months Contract
US Citizens or GC holders or H4 EAD are eligible to apply
Job Description:
About the Role:
We are seeking a Senior Application Security Engineer to serve as a senior subject-matter expert in application security and to provide strong technical leadership and decision-making influence across the engineering organization.
This role is application-security–first, with intentional overlap into cloud and platform security where applications, identity, CI/CD, and infrastructure intersect. The role does not own infrastructure, security programs, or departmental priorities; however, it is accountable for driving application-security outcomes and influencing technical direction through deep expertise, partnership, and trusted advisory relationships.
At this level, the Senior Application Security Engineer operates with significant autonomy and broad scope, independently owning complex and ambiguous application security challenges end-to-end. The role is relied upon to guide high-impact security decisions across multiple teams, products, and services, ensuring outcomes align with business objectives and risk tolerance.
This is a senior individual contributor role with strong expectations for technical leadership, cross-team influence, mentorship, and independent judgment, rather than people management or formal program ownership.
What Success Looks Like
Success in this role means:
Senior Application Security Subject-Matter Expertise
You are a recognized internal authority in application security. You provide authoritative guidance on secure design, authentication and identity flows, API security, and cloud-native application risks. Engineering teams consistently rely on your judgment to make high-confidence security decisions in complex and high-impact scenarios.
Influence Within Security Programs
You play a leading, technical role within broader security programs by shaping technical approaches, standards, patterns, and best practices. You influence outcomes through expertise, credibility, and sustained cross-team collaboration rather than formal ownership or authority.
Trusted Advisor to Engineering, Product, & Infrastructure
You act as a trusted security advisor during design reviews, architecture discussions, and risk assessments across multiple teams. You help stakeholders understand security implications and tradeoffs, enabling informed decisions that balance risk, delivery velocity, and business needs.
Application-Centric Risk Identification
You identify, articulate, and contextualize security risks at the intersection of application code, identity and access, CI/CD pipelines, and cloud infrastructure. You are accountable for application security outcomes across multiple services and products, informing security prioritization by clearly surfacing risk tradeoffs and ensuring risks are visible, understood, and appropriately addressed.
Independent Ownership of Complex Problems
You independently own complex, ambiguous application security challenges with broad organizational impact. You define and drive practical solutions end-to-end, coordinating across multiple teams, products, and services to ensure consistent, high-quality security decisions at scale that align with business objectives and risk tolerance.
Threat-Informed Security Guidance
You apply adversarial thinking (threat modeling, attack-path analysis, and application-focused testing) to inform defensive improvements and strengthen real-world resilience across the application landscape.
Incident Response and Threat Hunting Support
You provide senior application security expertise during security incidents and targeted threat-hunting activities. You support investigation and containment by analyzing application behavior, attack paths, and root causes, partnering with detection, infrastructure, and response teams. You do not serve as a primary responder, but help ensure incidents are correctly understood, effectively resolved, and translated into durable security improvements.
Standards and Best-Practice Contribution
You make significant, sustained contributions to application security standards, guidance, and reusable patterns. You integrate these into engineering workflows and practices, helping mature security capabilities across the organization over time.
Clear Communication and Influence
You communicate risks, recommendations, standards, and progress clearly to senior engineers and security leadership, influencing technical decisions through clarity, technical credibility and sound judgment.
Cross-Team Mentorship and Capability Building
You actively mentor engineers and security partners across teams and disciplines, helping elevate application security knowledge, decision-making, and secure design practices. You act as a force multiplier, enabling others to identify risks, apply secure patterns, and make effective security tradeoffs independently.
Qualifications
Required
6+ years of experience in application or product security roles.
Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.
Deep experience securing web applications, APIs, WAFs, customer identity platforms, and distributed systems.
Proven ability to review system designs, data flows, and identify architectural security risks.
Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).
Solid understanding of cloud-native application architectures and CI/CD pipelines from an application-risk perspective.
Proven ability to design and maintain automated pipelines for SAST, DAST, SCA, secrets detection, etc.
Proficiency in one or more modern programming languages.
Preferred:
Experience assessing or threat modeling AI-powered features or LLM integrations, including risks such as prompt injection, data leakage, and abuse.
Experience with application-focused penetration testing or adversarial security testing.
Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.
Experience operating in regulated environments and aligning security practices with compliance requirements.
Relevant security certifications are a plus (e.g., OSWE, GWAPT, or CSSLP), but certifications are not a substitute for demonstrated application security impact.
Job Skills We’re Looking For
Web Application Security
Web Application Firewall (WAF)
OWASP
API Security
Customer Identity and Access Management (CIAM)
Continuous Integration/Continuous Delivery (CI/CD)
Cloud Security
Automation
Threat Modeling
Secure SDLC
Secure design review
Authorization models
Secrets management
Technical Skills / Aptitude
SAML
OIDC
CIAM
JWT
OAuth 2
SCA
SAST
DAST
CSPM
Node.js
React
Kubernetes
Terraform
Docker
JavaScript
Python
TypeScript