[Remote] Application Security Engineer
Note: This is a remote job and is open to candidates in the USA.

Twin Health is a company focused on improving metabolic health through AI Digital Twin technology. They are seeking a highly motivated Application Security Engineer to build and manage their application and cloud security capabilities, ensuring the security of systems and products as they scale globally.

Responsibilities
- Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams to enhance visibility and remediation workflows
- Design, implement, and manage application and cloud security tooling across AWS, including Security Hub, GuardDuty, Macie, Inspector, and related automation
- Manage secure code scanning processes, integrating SAST (Static Analysis) and DAST (Dynamic Analysis) using Sonar Cloud to identify and remediate vulnerabilities early in the SDLC
- Develop automated pipelines and playbooks for vulnerability triage, remediation tracking, and reporting of metrics (MTTD, MTTR)
- Partner with software engineering teams to embed security into CI/CD pipelines and promote secure coding practices
- Collaborate with the Security, IT, and GRC teams to ensure alignment with SOC 2, HIPAA, and SOX controls
- Contribute to threat modeling, code review, and incident response related to application vulnerabilities
- Evaluate and implement new security tools and processes to enhance the overall application security posture
- Support vendor risk assessments and penetration testing efforts related to application components
- Create and maintain security documentation, architecture diagrams, and operational runbooks
- Participate in on-call rotations as part of the broader security operations program
- Other duties as assigned

Skills
- Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
- 1-3+ years of experience in Application Security, DevSecOps, or Cloud Security Engineering roles
- Hands-on experience with AWS security services (Security Hub, GuardDuty, Inspector, Macie, IAM, KMS)
- Familiarity with Wiz or similar CSPM platforms
- Proven experience integrating SAST/DAST tools (e.g., Sonar Cloud, Veracode, Snyk, Checkmarx, Burp Suite, etc.) into CI/CD pipelines
- Familiarity with Docker, K8S, and microservices-based architectures
- Experience with WAF, endpoint security, and IAM
- Strong understanding of secure software development lifecycle (SSDLC) and common vulnerabilities (OWASP Top 10, CWE, CVSS)
- Proficiency in at least one scripting or automation language (Python, Bash, or similar)
- Proficiency in Java
- Knowledge of threat modeling, code review, and cloud infrastructure security best practices
- Excellent collaboration and communication skills with both technical and non-technical stakeholders
- Experience with compliance frameworks such as SOC 2, HIPAA, or HITRUST is a plus
- Experience working in a high-growth or regulated environment is preferred
- This is a remote opportunity based out of the U.S. Preferred location is in the EST timezone. Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment visa at this time

Benefits
- A competitive compensation package in line with leading technology companies
- A remote and accomplished global team
- Opportunity for equity participation
- Unlimited vacation with manager approval
- 16 weeks of 100% paid parental leave for delivering parents; 8 weeks of 100% paid parental leave for non-delivering parents
- 100% employer-sponsored healthcare, dental, and vision for you, and 80% coverage for your family; Health Savings Account and Flexible Spending Account options
- 401k retirement savings plan

Company Overview
Twin Health is a metabolic health platform that offers sensors and AI to reverse, prevent, and improve chronic metabolic diseases. It was founded in 2018 and is headquartered in Mountain View, California, USA, with a workforce of 201-500 employees. Its website is http://twinhealth.com.