[Remote] Senior Application Security Engineer [Remote-US]
Note: The job is a remote job and is open to candidates in USA. Quanata is on a mission to help ensure a better world through context-based insurance solutions. As a Senior Application Security Engineer, you will partner with web and backend engineering teams to embed security best practices throughout the software development lifecycle, conduct threat modeling, and support secure design and development practices.
Responsibilities
- Partner with one product portfolio to facilitate overall product security management, emphasis on AI/ML-specific security concerns and cross-functional work with data science teams
- Perform security design reviews and threat modeling on APIs, web features, and service integrations, including integrating SAST, SCA, and DAST tools into CI/CD pipelines
- Support secure development practices across security champions and engineering
- Review source code and deployment configurations for security vulnerabilities
- Collaborate with developers to triage, fix, and validate vulnerability findings
- Participate in cross-functional incident response and remediation planning
- Draft and maintain AppSec guidance for engineering teams and security champions
- Contribute to security awareness and enablement across the engineering org
- Develop AppSec related integrations and deployments of automation solutions (ASVS scanning, burpsuite enterprise)
- Support application security integration reviews, saas security assessments, oss reviews
Skills
- Bachelor's degree or equivalent relevant experience
- 6 - 8 years of experience in application security or full-stack development with security expertise
- Strong understanding of secure coding in JavaScript/TypeScript, Node.js, and web standards
- Familiar with application risk and vulnerabilities (OWASP Top 10, API Security, SSRF, etc.)
- Experience with code scanning tools (e.g., CodeQL, Semgrep, SonarQube, Snyk)
- Comfortable reading and debugging complex codebases across the stack
- Clear and thoughtful communicator with the ability to guide engineers at all levels
- Working concepts of offensive security testing such as pentesting or bug bounties
- Experience with GraphQL security
- Participation in security champions programs or secure SDLC rollouts
- Contributions to open-source security tooling
- Familiarity with infrastructure-as-code and container security
Benefits
- Medical, dental, vision, life insurance and supplemental income plans for you and your dependents
- A Headspace app subscription
- Monthly wellness allowance
- A 401(k) Plan with a company match
- A one-time payment of $2K will be provided to cover the purchase of in-home office equipment and furniture at your discretion
- MacBook Pros, which we will deliver to you fully provisioned prior to your first day
- All employees accrue four weeks of PTO in their first year of employment
- New parents receive twelve weeks of fully paid parental leave which may be taken within one year after the birth and/or adoption of a child
- The twelve weeks is applicable to both birthing and non-birthing parent
- All employees receive up to $5000 each year for professional learning, continuing education and career development
- All team members also receive LinkedIn Learning subscriptions and access to multiple different coaching opportunities through BetterUp
Company Overview
Company H1B Sponsorship