Posted 3 weeks ago
Senior Application Security Engineer
at ezyVet
Westbrook, United States
Hybrid
Responsibilities
- Conduct security architecture reviews and threat modeling sessions with development teams using STRIDE methodology
- Perform application security assessments across 20+ security verification service offerings including SAST/DAST analysis, manual code review, API security testing, authentication/authorization testing, and vulnerability validation
- Execute hands-on security testing of web applications, APIs, mobile applications, and cloud-native services
- Analyze and validate security findings from automated tools (GitHub Advanced Security, Synack, Tenable, AquaSec) and provide actionable remediation guidance
- Support penetration testing engagements and coordinate with third-party security assessment vendors (Synack ST+)
Security Engineering & Automation
- Build and maintain security verification tooling, scripts, and automation to improve assessment efficiency and coverage
- Develop custom security testing scripts and proof-of-concept exploits to validate vulnerabilities
- Create reusable security patterns, code snippets, and reference implementations for common security controls
Developer Partnership & Enablement
- Deliver security training and enablement sessions on secure coding practices, common vulnerabilities, and threat modeling
- Support Security Champions with security questions, design reviews, and knowledge sharing
SSDLC & Program Development
- Define and refine security verification service offerings based on application risk profiles
- Support the standardization of security assessment intake, execution, and reporting processes via ServiceNow
- Maintain security verification documentation including testing methodologies, checklists, and runbooks
- Track and report on security assessment metrics including coverage, finding severity distribution, and remediation timelines
- Track record of translating security findings into practical, actionable remediation guidance
What you can expect from us:
Base annual salary target: $120000 - $150000 (yes, we do have flexibility if needed)
- Conduct your first independent security assessment from intake through finding delivery and remediation support
- Build relationships with Security Champions across 5-10 development teams
- Execute 20+ security assessments across the full range of security verification services
- Lead threat modeling sessions for 10+ applications or major features