Application Security Expert

Remote Full-time
The Expert, Application Security & VMDR is a hands-on technical leader responsible for architecting, automating, and continuously improving Armis’ application security posture—while ensuring application vulnerabilities are fully integrated into Armis’ VMDR framework.

This role bridges engineering, product security, and vulnerability management, defining how application risks are identified, prioritized, contextualized, and remediated across Armis’ SaaS and on-prem platforms. You will ensure that AppSec findings are not siloed, but instead correlated with asset intelligence, exploitability, exposure, and business impact.

Key Responsibilities

Application Security Leadership
• Lead the Application Security program across all Armis products, embedding security throughout the SDLC.
• Perform secure design and architecture reviews, partnering with engineering teams to identify and mitigate risk early.
• Conduct and lead threat modeling sessions using STRIDE, DREAD, or PASTA methodologies.

VMDR Integration & Vulnerability Lifecycle
• Own application-layer vulnerability management as part of Armis’ VMDR strategy, from detection through remediation and validation.
• Integrate AppSec findings (SAST, DAST, SCA, API testing) into centralized vulnerability workflows, risk scoring, and prioritization models.
• Correlate application vulnerabilities with asset context, exploit intelligence, and business criticality to drive risk-based remediation.
• Track and report VMDR metrics such as MTTD, MTTR, exposure windows, and remediation effectiveness for application vulnerabilities.

Automation & Tooling
• Build and maintain automated AppSec pipelines for SAST, DAST, SCA, and API security testing.
• Collaborate with DevOps to integrate security scanning into CI/CD pipelines (GitHub Actions, Jenkins, Buildkite).
• Partner with Cloud and Infrastructure Security to secure APIs, microservices, and containerized workloads (Docker, Kubernetes).

Engineering Partnership & Enablement
• Develop and maintain secure coding standards and security baselines for React, Node.js, Python, Java, and Go.
• Mentor engineers and security champions; deliver secure coding training and threat modeling workshops.
• Act as a trusted advisor to engineering leadership, translating vulnerabilities into clear risk and remediation guidance.

Compliance & Assurance
• Support compliance and audit readiness including SOC 2, ISO 27001, FedRAMP, and HIPAA, ensuring application risks are documented and managed within VMDR processes.

Required Qualifications
• 7–10+ years of experience in Application Security, Product Security, or Secure Software Engineering.
• Proven expertise in SAST, DAST, SCA, and dependency management tools (e.g., Veracode, Checkmarx, Fortify, Snyk, SonarQube, OWASP Dependency-Check).
• Hands-on coding proficiency in at least two modern languages (Python, JavaScript/TypeScript, Java, Go).
• Strong experience managing vulnerabilities end-to-end, including triage, prioritization, remediation tracking, and validation.
• Deep understanding of OWASP Top 10, CWE, CVE, and exploitability concepts.
• Strong knowledge of CI/CD pipelines, Git-based workflows, and secure build automation.
• Experience with threat modeling, secure architecture reviews, and microservices/API security.
• Ability to clearly communicate technical risk to both engineering teams and business stakeholders.

Preferred Skills
• Experience in a SaaS, cloud-native, or cybersecurity product company.
• Hands-on experience integrating AppSec into broader VMDR or exposure management programs.
• Familiarity with cloud and container security platforms (Prisma Cloud, Wiz, Orca).
• Experience with IaC security (Terraform, CloudFormation).
• Exposure to API Gateway security, OAuth2, token-based auth, and zero-trust architectures.
• Relevant certifications such as OSWE, CSSLP, GWAPT, GWEB, CEH.
