Security Engineer — Application Security & Identity
Security Engineer — Application Security & Identity
Function: Information Security
Reports to: Head of Security
Role Summary
Owns application security across multiple environments, each with increasing control and compliance requirements. Acts as reviewer for the least complex environments and co-reviewer for higher complexity and controlled environments. Defines and enforces security controls across AWS hosted workloads and GitHub based development pipelines while maintaining independent review authority.
Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.
This is a hybrid role, based in any of our US offices—including New York City, Boston, Chicago, Carmel, or San Francisco—or remotely within the US, depending on team and business needs.
Key Responsibilities
Conduct security reviews of Internally developed applications including:
Data flow validation
Security control design and implementation
Secrets handling
AI/LLM Data Loss Prevention (DLP)
Co-lead production readiness reviews for strictly governed environments:
Threat modeling
Hardening validation
Compliance mapping (SOC 2and contractual and regulatory requirements)
Define and enforce identity architecture:
Corporate identity: Entra ID
Workload identity: AWS IAM and GitHub OIDC
Define and manage GitHub native security controls:
GitHub Advanced Security (CodeQL / SAST)
Dependabot (dependency scanning)
Secret scanning
Branch protection and environment controls
Establish standards for security tooling:
SAST (CodeQL, Semgrep)
SCA (Dependabot, Snyk)
Container scanning (Trivy, ECR scanning)
Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)
Define AWS security standards:
IAM design and least-privilege access
Logging and audit requirements
Secrets management and rotation
Scope and coordinate third-party penetration testing
Maintain audit logging maturity per environment requirements:
Baseline logging
User-level activity tracking
Tamper-evident audit trails with SIEM integration
Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk).
Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure
AI Security & Usage Governance
Define approved AI providers and usage boundaries
Establish prompt data classification and handling policies
Enforce human-in-the-loop requirements where appropriate
Define cost/spend guardrails for AI services
Required Qualifications
5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be be focused application security
Hands-on security experience with:
AWS IAM
SAML / OIDC federation
GitHub security tooling
Experience with threat modeling and coordinating penetration testing
Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls
In-depth understanding of the risk lifecycle
Preferred Qualifications
Experience securing GitHub-based CI/CD pipelines
Experience in AWS native environments
Exposure to regulated industries (GxP, 21 CFR Part 11)
Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)
Associates degree or higher
Experience bringing low-code or AI-generated applications under enterprise security controls
Pay Range: $100,000-120,000
This is the pay range the Company believes it will pay for this position at the time of this posting. Consistent with applicable law, compensation will be determined based on job-related, non-discriminatory factors including but not limited to work experience, skills, certifications, and geographical location. The Company reserves the right to modify this pay range at any time