Sr. Application Security Engineer
Our Cybersecurity group is responsible for safeguarding systems, networks, and data from evolving threats. This team plays a central role in building secure-by-default practices into our products and ensuring that developers and end users alike benefit from built-in protection at every layer. We're looking for a Senior Application Security Engineer to help embed security principles throughout the software development life cycle (SDLC). This person will take the lead in shaping secure development standards, implementing tooling, and partnering closely with engineering teams to ensure robust and resilient applications are delivered from day one. This role is essential to strengthening our application security capabilities and fostering a culture of security across technical and product teams.
Scope:
* Embed Security in Development: Guide the incorporation of secure design practices throughout the SDLC, including architecture planning, secure coding, and deployment phases.
* Lead Security Projects: Oversee key efforts like formalizing secure coding standards, improving testing strategies, and evolving internal best practices.
* Automate & Scale Security Testing: Manage and fine-tune security tools such as SAST, DAST, SCA, and IAST, integrating them into CI/CD environments for continuous feedback loops.
* Conduct Deep-Dive Reviews: Drive threat modeling, perform security assessments, and carry out both automated and hands-on code evaluations.
* Mentor & Advocate: Share knowledge across engineering teams, act as a security coach, and assist in promoting awareness and responsibility for security across the org.
Required:
* Bachelor's degree in a related technical field (e.g., Computer Science, Security Engineering), or equivalent professional background
* Minimum of 7 years working directly in application security roles
* Practical experience with threat modeling, code analysis, penetration testing, and vulnerability remediation
* Strong familiarity with at least one modern programming language (e.g., Java, JavaScript, Kotlin)
* Solid understanding of common security tools (e.g., WAF, SAST, DAST, IAST, SCA) and how they integrate into development workflows
Pluses:
* Demonstrated success building or maturing application security programs
* Cloud security experience, especially in Google Cloud (GCP) or equivalent platforms
* Deep understanding of the OWASP Top 10, the CWE/SANS Top 25, and other core vulnerability frameworks
* Experience developing or delivering internal security training sessions
* Industry certifications such as CISSP, CSSLP, GWEB, GWAPT, OSCP
* Familiarity with Kubernetes, Docker, or security for infrastructure-as-code (IaC)
Estimated Min Rate: $60.00
Estimated Max Rate: $80.00
Note: Any pay ranges displayed are estimations. Actual pay is determined by an applicant's experience, technical expertise, and other qualifications as listed in the job description. All qualified applicants are welcome to apply.
Yoh, a Day & Zimmermann company, is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Visit https://www.yoh.com/applicants-with-disabilities to contact us if you are an individual with a disability and require accommodation in the application process.
For California applicants, qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. All of the material job duties described in this posting are job duties for which a criminal history may have a direct, adverse, and negative relationship, potentially resulting in the withdrawal of a conditional offer of employment.