Senior Application Security Engineer
Remote · United States or US
Job Summary
Senior Application Security Engineer responsible for owning the application security program end to end within RegScale, acting as the primary application security practitioner across engineering teams, guiding risk-based strategy, embedding security into architecture and product design, coaching developers on secure coding, integrating security tooling into CI/CD, managing vulnerabilities, coordinating penetration testing, and aligning security with compliance requirements (FedRAMP, NIST, CMMC) for enterprise and government customers.
Required Qualifications
- 10 or more years of application security experience with a demonstrated track record of owning security programs and driving initiatives end to end across complex engineering organizations
- Deep expertise across the application security domain including threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development practices
- Proven ability to operate as a solo practitioner or small team lead, setting priorities independently, managing competing demands, and delivering outcomes without close supervision
- Strong experience influencing engineering teams without direct authority, building credibility through technical depth, clear communication, and practical solutions that fit the realities of product delivery
- Experience integrating security into CI/CD pipelines and modern software delivery practices, with a shift left mindset that prioritizes prevention over detection
- Solid understanding of cloud security principles and how application security intersects with infrastructure security in a cloud native environment
- Strong written and verbal communication skills, able to articulate security risk, strategy, and tradeoffs clearly to engineering teams, leadership, and stakeholders including customers and auditors
Additional Requirements
- US citizenship required
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.