Contact
Telegram

Senior Application Security Engineer

Vivid Resourcing United State
Remote
This Job is No Longer Active This position is no longer accepting applications

Job Description


About the Role

We are seeking an experienced Senior Application Security Engineer to strengthen our financial technology and cloud platforms’ security posture. You will be responsible for designing, implementing, and maintaining security solutions that protect sensitive financial data, support regulatory compliance, and enable secure software development practices across distributed systems.

This position is fully remote, supporting cross-functional teams across development, infrastructure, compliance, and risk management. The ideal candidate combines deep technical expertise with strong communication skills and the ability to collaborate effectively in a high-trust, high-regulation environment.


Key Responsibilities

  • Secure Software Development Lifecycle (SSDLC):
  • Integrate security best practices into every phase of the software development process from design reviews to deployment.
  • Application Threat Modeling & Testing:
  • Conduct threat modeling, static/dynamic code analysis (SAST/DAST), and manual security assessments on internal and external applications.
  • Vulnerability Management:
  • Identify, triage, and remediate vulnerabilities across cloud and on-prem systems; work with development teams to ensure timely resolution.
  • Cloud & Infrastructure Security:
  • Implement security controls across AWS/Azure environments; enforce least privilege, encryption, and network segmentation.
  • Automation & Security-as-Code:
  • Build and maintain automated security tooling in CI/CD pipelines using Terraform, Ansible, Python, or PowerShell.
  • Container & Microservice Security:
  • Harden containerized environments (Docker, Kubernetes) and establish runtime protection and compliance baselines.
  • Compliance & Governance:
  • Ensure adherence to SOX, GLBA, PCI-DSS, ISO 27001, and internal audit frameworks relevant to the financial sector.
  • Cross-Team Collaboration:
  • Partner with product, DevOps, risk, and compliance teams to communicate risks, remediation priorities, and best practices.
  • Incident Response Support:
  • Assist in application-related security incidents, providing root cause analysis and long-term remediation strategies.


Required Qualifications

  • 7+ years of experience in application or cloud security engineering.
  • Proficiency in Python, Java, C#, or JavaScript for security automation and code review.
  • Expertise in SAST/DAST tools (e.g., Veracode, Checkmarx, Burp Suite, OWASP ZAP).
  • Experience with CI/CD pipelines (GitLab, Jenkins, GitHub Actions) and Infrastructure-as-Code.
  • Solid understanding of cloud security principles (AWS, Azure, or GCP).
  • Familiarity with financial data regulations and security frameworks (PCI-DSS, SOX, ISO 27001, NIST 800-53).
  • Excellent communication skills. Able to translate complex risks into clear business impact for executives and developers alike.


Preferred Qualifications

  • Certifications such as CISSP, OSWE, GCSA, CCSP, or GIAC GWAPT.
  • Experience working in regulated financial or fintech environments.
  • Knowledge of container orchestration, micro segmentation (Illumio, Prisma Cloud, etc.), and API security frameworks.


Job Overview
Posted Date Oct 27, 2025
Employment Type Contract
Experience Level Mid-Senior level
Location United State
Category Cyber Security
Company Vivid Resourcing
Mentioned Skills
javascript python java gcp c# c cissp ccsp nist incident response owasp dss kubernetes aws docker jenkins devops terraform ansible cloud infrastructure as code pci dss gitlab powershell technical expertise cloud security burp suite
Industries
financial services

Subscribe our newsletter

New Things Will Always Update Regularly