Security Engineer — Application Security & Identity

Realchemistry · Boston - Massachusetts; Carmel - Indiana; Chicago - Illinois; Lambertville - New Jersey; Remote - USA · Engineering

Posted 2026-07-16

Apply for this role →

Security Engineer — Application Security & Identity

Function: Information Security

Reports to: Head of Security

Role Summary

Owns application security across multiple environments, each with increasing control and compliance requirements. Acts as reviewer for the least complex environments and co-reviewer for higher complexity and controlled environments. Defines and enforces security controls across AWS hosted workloads and GitHub based development pipelines while maintaining independent review authority.

Applications originate as AI-assisted prototypes and require structured security validation before enterprise production deployment.

This is a hybrid role, based in any of our US offices—including New York City, Boston, Chicago, Carmel, or San Francisco—or remotely within the US, depending on team and business needs.

Key Responsibilities

Conduct security reviews of Internally developed applications including:

Data flow validation

Security control design and implementation

Secrets handling

AI/LLM Data Loss Prevention (DLP)

Co-lead production readiness reviews for strictly governed environments:

Threat modeling

Hardening validation

Compliance mapping (SOC 2and contractual and regulatory requirements)

Define and enforce identity architecture:

Corporate identity: Entra ID

Workload identity: AWS IAM and GitHub OIDC

Define and manage GitHub native security controls:

GitHub Advanced Security (CodeQL / SAST)

Dependabot (dependency scanning)

Secret scanning

Branch protection and environment controls

Establish standards for security tooling:

SAST (CodeQL, Semgrep)

SCA (Dependabot, Snyk)

Container scanning (Trivy, ECR scanning)

Infrastructure as Code (IaC) policy (OPA, Sentinel, tfsec)

Define AWS security standards:

IAM design and least-privilege access

Logging and audit requirements

Secrets management and rotation

Scope and coordinate third-party penetration testing

Maintain audit logging maturity per environment requirements:

Baseline logging

User-level activity tracking

Tamper-evident audit trails with SIEM integration

Perform initial triage and risk classification within time requirements for critical issues identified in intake (data exposure, credentials, regulatory risk).

Partner with DevOps Engineering to ensure security policies are implemented in pipelines and infrastructure

AI Security & Usage Governance

Define approved AI providers and usage boundaries

Establish prompt data classification and handling policies

Enforce human-in-the-loop requirements where appropriate

Define cost/spend guardrails for AI services

Required Qualifications

5+ years (or 3–5+ in high-growth environments) in cloud security, 2 of which should be be focused application security

Hands-on security experience with:

AWS IAM

SAML / OIDC federation

GitHub security tooling

Experience with threat modeling and coordinating penetration testing

Familiarity with SOC 2, GDPR, and HIPAA-adjacent controls

In-depth understanding of the risk lifecycle

Preferred Qualifications

Experience securing GitHub-based CI/CD pipelines

Experience in AWS native environments

Exposure to regulated industries (GxP, 21 CFR Part 11)

Security certifications (CISSP, CCSP, OSCP, GIAC, etc.)

Associates degree or higher

Experience bringing low-code or AI-generated applications under enterprise security controls

Pay Range: $100,000-120,000

This is the pay range the Company believes it will pay for this position at the time of this posting.  Consistent with applicable law, compensation will be determined based on job-related, non-discriminatory factors including but not limited to work experience, skills, certifications, and geographical location. The Company reserves the right to modify this pay range at any time

Apply for this role →

← Back to all jobs