Andesite is seeking an Application Security Engineer to enhance their cybersecurity operations. The successful candidate will play a crucial role in securing software applications and cloud environments by identifying and mitigating vulnerabilities throughout the development lifecycle. This involves application threat modeling, source code review, and managing SAST/DAST/SCA tools. The role requires close collaboration with other departments to ensure applications, cloud initiatives, and DevSecOps are secure and compliant.

Responsibilities:

  • Proactively identify security weaknesses during design, development, testing, and deployment phases.
  • Analyze application components, data flows, and trust boundaries to anticipate potential threats.
  • Manage and maintain SAST, DAST, and SCA tooling.
  • Conduct manual and automated code reviews.
  • Develop and maintain custom scripts and tools to automate security tasks.
  • Enforce least privilege, secure network architectures, and strong identity and access controls across cloud accounts and services.
  • Monitor computer networks and systems with SIEM to identify vulnerabilities and respond to security threats and attacks.
  • Support scanning, tracking, and remediating security vulnerabilities across systems and applications.
  • Provide training, documentation, and hands-on guidance to developers and engineers.

Requirements:

  • 4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
  • 2+ years of hands-on experience securing cloud-native applications and infrastructure.
  • Deep understanding of secure design principles, threat modeling, and software risk assessment.
  • Proficient in at least one programming language.
  • Strong knowledge of secure coding practices.
  • Experience writing scripts or tools to automate security tasks.
  • Expert understanding of OWASP Top 10, CWE/SANS Top 25, and other software security standards.
  • Familiarity with SAST, DAST, and SCA AppSec tools.
  • In-depth experience with at least one major cloud platform (AWS, Azure, or GCP).
  • Hands-on experience implementing cloud security controls.
  • Understanding of cloud compliance frameworks (e.g., PCI DSS, CIS benchmarks, NIST, SOC 2, ISO 27001).

What Andesite Offers:

  • Competitive salary, bonus, and equity package
  • 100% employer paid, comprehensive health insurance
  • Unlimited PTO
  • Flexible work environment
  • Remote-first environment
  • 14 weeks of fully-paid parental leave

Red Cell Partners