Senior Application Security Engineer

We have a big vision, which is why we need you—an innovator and problem solver ready to revolutionize and empower businesses to succeed.

Job Overview

About the Senior Application Security Engineer role:
Scorpion is looking for an experienced Sr. Application Security Engineer to join our Information Security team!

As a Sr. Application Security Engineer, you will be responsible for the security of our applications and have the opportunity to proactively mature our Secure Development Lifecycle Program. This role will advise and guide the development teams on best practices as they relate to security automation through the use of products and services. Reporting directly to the Director of Information Security, this individual contributor role will be an integral part of our Information Security Team.

What You'll Do

Responsibilities:

  • Work closely with developers to ensure our proprietary software is secure.
  • Own and maintain the security aspect of the Software Development Lifecycle (SDLC) including partnering with development teams in the creation and maintenance of our application architecture plans, roadmaps, and designs.
  • Test the security of software by performing manual and automated source code reviews.
  • Drive development and adoption of application security standards, policies, and practices.
  • Manage scans to detect vulnerabilities in open source libraries and licensing non-compliance.
  • Build threat models for and perform application architectural risk assessments of internally developed products and systems.
  • Partner with Engineering teams to define and document application security requirements for Scorpion applications.
  • Educate engineering teams on secure coding techniques and security best practices.
  • Participate in the development of security policies, standards, and procedures.
  • Identify application vulnerabilities and advise on appropriate remediation.
  • Manage the annual application penetration test engagement with third-party firms.

What You'll Need

Education & Experience:

  • BS in Computer Science or similar degree, or the equivalent in technical certifications.
  • 8+ years of software development and/or application security experience.
  • Experience with security testing tools (Burp Suite, ZAP, Kali, etc.).
  • Experience with Azure cloud infrastructure and security best practices.
  • Knowledge and understanding of OWASP & SANS identified common security coding flaws, threat modeling, automated & manual static security code analysis, and other application security best practices.
  • Strong experience with CI/CD pipelines.
  • Experience with the detection and mitigation of application vulnerabilities.
  • Experience with any of the following technologies: Containers, Kubernetes, Azure Git, SAST/DAST, OSS tools.
  • Desired certifications: GWAPT, GPEN, OSCP, eWPT, and/or eCPPT.
  • Must have knowledge of application security best practices and implementation.
  • Must be able to tell the Recruiter a great joke.

Get Started

Start Making An Impact

Here’s how to apply. Please upload a single document containing your resume and cover letter. Include salary requirements and portfolio link (if applicable).

We accept .pdf and .doc file types.