[Remote] Application Security Engineer
Note: This is a remote job and is open to candidates in the USA.

Arcadia is the AI-powered energy intelligence platform for businesses. They are seeking a technically hands-on Application Security Engineer to join the Information Security team, responsible for owning the vulnerability management lifecycle and integrating security automation into the CI/CD pipeline.

Responsibilities
- Own the end-to-end vulnerability management lifecycle: triage, prioritize, and drive remediation of findings from SAST, DAST, and SCA tooling in partnership with engineering squads
- Maintain, optimize, and extend security tooling integrations within the CI/CD pipeline with the goal of automating everything that can be automated
- Launch and run a Security Champions program, including workshops and office hours, to embed security knowledge directly into development teams across multiple geographies
- Act as the application-layer subject matter expert during security incidents, supporting triage, root cause analysis, and remediation
- Partner with Product and Engineering leadership to introduce security touchpoints earlier in the SDLC, including threat modeling and design review processes

Skills
- 3–5 years of dedicated Application Security experience in a SaaS or cloud-native environment
- Hands-on proficiency with at least two of the following: SAST, DAST, SCA, or CSPM tooling (e.g., Snyk, Checkmarx, Semgrep, Wiz)
- Strong working knowledge of CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI) and the ability to write and maintain pipeline integrations
- Experience with container security (Docker, Kubernetes) and API security patterns (REST, GraphQL)
- Demonstrated ability to communicate technical risk to non-security engineers in a way that drives action, not anxiety
- Experience standing up or maturing a Security Champions program
- Familiarity with cloud-native AWS security services (GuardDuty, Security Hub, IAM Access Analyzer)
- Exposure to threat modeling frameworks (STRIDE, PASTA, or lightweight equivalents)
- Relevant certifications (OSCP, GWAPT, CSSLP) — valued but not required

Benefits
- "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
- Flexible PTO - no accrued hours and no limit on the number of vacation days exempt employees can take each year
- 12 annual holidays
- 10 days sick leave
- Up to 4 weeks bereavement leave
- 2 volunteer days off
- 2 professional development days off
- 12 weeks paid parental leave for *all* parents
- 75-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents

Company Overview
Arcadia is the global utility data and energy solutions platform. It was founded in 2014, and is headquartered in Washington, District of Columbia, USA, with a workforce of 501-1000 employees. Its website is https://www.arcadia.com.