Overview
Remote
On Site
USD60 - USD80 per hour, Benefits: $60-80/hr
Full Time
Skills
Engineer
Engineering
Job Details
Sr. Application Security Engineer
Our Cybersecurity group is responsible for safeguarding systems, networks, and data from evolving threats. This team plays a central role in building secure-by-default practices into our products and ensuring that developers and end users alike benefit from built-in protection at every layer. We're looking for a Senior Application Security Engineer to help embed security principles throughout the software development life cycle (SDLC). This person will take the lead in shaping secure development standards, implementing tooling, and partnering closely with engineering teams to ensure robust and resilient applications are delivered from day one. This role is essential to strengthening our application security capabilities and fostering a culture of security across technical and product teams.
Scope:
Embed Security in Development: Guide the incorporation of secure design practices throughout the SDLC, including architecture planning, secure coding, and deployment phases.
Lead Security Projects: Oversee key efforts like formalizing secure coding standards, improving testing strategies, and evolving internal best practices.
Automate & Scale Security Testing: Manage and fine-tune security tools such as SAST, DAST, SCA, and IAST, integrating them into CI/CD environments for continuous feedback loops.
Conduct Deep-Dive Reviews: Drive threat modeling, perform security assessments, and carry out both automated and hands-on code evaluations.
Mentor & Advocate: Share knowledge across engineering teams, act as a security coach, and assist in promoting awareness and responsibility for security across the org.
Required:
Bachelor's degree in a related technical field (e.g., Computer Science, Security Engineering), or equivalent professional background
Minimum of 7 years working directly in application security roles
Practical experience with threat modeling, code analysis, penetration testing, and vulnerability remediation
Strong familiarity with at least one modern programming language (e.g., Java, JavaScript, Kotlin)
Solid understanding of common security tools (e.g., WAF, SAST, DAST, IAST, SCA) and how they integrate into development workflows
Pluses:
Demonstrated success building or maturing application security programs
Cloud security experience, especially in Google Cloud (Google Cloud Platform) or equivalent platforms
Deep understanding of OWASP Top 10, SANS 25, and other core vulnerability frameworks
Experience developing or delivering internal security training sessions
Industry certifications such as CISSP, CSSLP, GWEB, GWAPT, OSCP
Familiarity with Kubernetes, Docker, or security for infrastructure-as-code (IaC)
Estimated Min Rate: $60.00
Estimated Max Rate: $80.00
Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Visit ;to contact us if you are an individual with a disability and require accommodation in the application process.
For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship, potentially resulting in the withdrawal of a conditional offer of employment.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.