Staff Application Security Engineer partnering with product and engineering teams for secure architecture. Building systems to handle sensitive data for healthcare providers.
About the role
- Security Engineer at Insulet enhancing DevSecOps capabilities and integrating security into software development lifecycle. Collaborating with engineering and compliance teams on application security tasks.
Responsibilities
- Implement and operationalize a Secure Software Development Lifecycle (SSDLC) across products, including defining processes, controls, and security checkpoints in collaboration with cross‑functional teams.
- Execute and scale automated application security testing in CI/CD pipelines, including: Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) Software Composition Analysis (SCA) API and runtime security testing
- Triage, validate, and prioritize security findings, reduce false positives, and partner with engineering teams to drive effective remediation.
- Perform hands‑on application security activities, including threat modeling, secure design reviews, code reviews, and targeted security testing aligned to OWASP Top 10 and CWE Top 25 risks.
- Support vulnerability disclosure and bug bounty programs, including intake, validation, coordination, and remediation tracking.
- Contribute to application security awareness and training, helping developers understand secure coding practices and common vulnerability patterns.
- Develop and maintain application security metrics and dashboards, providing a consolidated (“single pane of glass”) view of risk posture through automation.
- Research emerging technologies, frameworks, and attack techniques and assess their applicability and risk to current and future products.
- Collaborate with Quality, Regulatory, Legal, Privacy, Compliance, Architecture, and Product Development teams to ensure security is designed in, verified during development, and managed in production.
- Support cybersecurity documentation and evidence required for regulatory submissions in regulated product environments.
Requirements
- Bachelor’s degree in information security or computer science, or equivalent practical experience.
- 3–5 years of experience in cybersecurity with a strong focus on application security, product security, or DevSecOps.
- Hands‑on experience with tooling, such as: SAST, DAST, SCA, IAST, and API testing tools
- Demonstrated ability to identify, validate, and explain OWASP Top 10 and CWE Top 25 vulnerabilities.
- Experience integrating security testing into CI/CD pipelines and modern development workflows.
- Familiarity with vulnerability disclosure and bug bounty programs.
- Working knowledge of at least one common programming language (e.g., C, C++, Java, .NET, Python, or similar).
- Understanding of threat modeling, attack surfaces, common exploit classes, and frameworks such as MITRE ATT&CK.
- Strong written and verbal communication skills, with the ability to translate security risks into clear, actionable guidance for technical and non‑technical audiences.
Benefits
- Health insurance
- Paid time off
- Flexible work arrangements
- Professional development opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Field Application Engineer at Arrow Electronics creating technical solutions while engaging with clients and driving demand creation. Responsible for technical leadership and collaboration with sales teams.
Senior Applications and Solutions Engineer providing technical support for Intel Foundry Services to ensure successful ASIC tape - outs. Drive customer success through advanced CMOS process implementation and design flow optimization.
AI Application Engineer responsible for designing and deploying software applications to enhance business processes at Great American Insurance Group. Collaborate with teams and provide technical support to ensure system efficiency.
Field Application Engineer at Thales working on product integration and technical inquiries. Collaborating with sales, customers, and internal teams to drive innovation and technical solutions.
Sr. Application Engineer providing technical support for Black Duck Software products. Acting as a trusted advisor resolving complex issues and collaborating with top - tier developers.
Customer Success Application Engineer ensuring customer qualification of storage technologies. Collaborate with internal teams and customers for technical solutions and support on product requirements.
Applikationsingenieur für die Zementindustrie zuständig für Kundenbeziehungen, Marktanalysen, und technische Beratung. Arbeiten und Projekte in Zusammenarbeit mit Produktionswerken.
Application Engineer focusing on gas spring application and integration at Stabilus. Collaborating with customers and teams for technical guidance and process improvements.
Sales & Applications Engineering Manager overseeing a team and developing proposals for pharmaceutical freeze - driers. Collaborating with sales and engineering for high - quality applications support.