[Remote] Senior Application Security Engineer
Note: The job is a remote job and is open to candidates in USA. TrueML is seeking a talented and motivated Senior Application Security Engineer with a strong background in AWS and DevOps practices. In this role, you will be responsible for ensuring the security of applications throughout the development lifecycle and will work closely with engineering teams to identify and mitigate security vulnerabilities.ResponsibilitiesSecurity Integration : Work with development and DevOps teams to integrate security into the software development lifecycle (SDLC)Vulnerability Management : Identify, assess, and mitigate security vulnerabilities in applications, infrastructure, and cloud environmentsAWS Security : Implement and maintain security controls in AWS, including IAM policies, security groups, VPC configurations, and monitoringDevOps Security : Collaborate with DevOps teams to incorporate security best practices in CI/CD pipelines, including automated testing, secure code reviews, and infrastructure as code (IaC) securityThreat Modeling : Conduct threat modeling and risk assessments to identify potential security threats and develop mitigation strategiesIncident Response : Assist in developing and executing incident response plans, including identifying and responding to security incidentsCompliance & Best Practices : Ensure that all systems and applications comply with relevant security standards, regulations, and best practices (e.g., OWASP , NIST , ISO 27001)Security Training: Provide security training and guidance to engineering teams to promote secure coding and infrastructure management practicesContinuous Improvement : Continuously monitor, evaluate, and improve security practices, tools, and processesSkillsBachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience8+ years of experience in application security or a related roleStrong experience with AWS security services and best practicesExperience with DevOps tools and practices, including CI/CD pipelines, containerization, and IaCProficiency in at least one programming language (e.g., Python, Go)Strong understanding of web application security (e.g., OWASP Top Ten) and secure coding practicesFamiliarity with security tools and technologies such as SAST, DAST, SIEM, and WAFsAbility to work well in a team environment and collaborate effectively with engineers, developers, and other stakeholdersAWS Certified Security – Specialty or similar certificationExperience with container security (e.g., Docker, Kubernetes)Familiarity with modern authentication and authorization protocols (e.g., OAuth, SAML, JWT)Knowledge of secure coding frameworks and librariesCompany OverviewTrueML Technologies’ family of companies creates technology solutions seeking to revolutionize the experience of consumers seeking financial health and endeavors to ensure nobody gets locked out of the financial system. It was founded in 2013, and is headquartered in Lenexa, Kansas, USA, with a workforce of 51-200 employees. Its website is https://getretain.com.Company H1B SponsorshipTrueML has a track record of offering H1B sponsorships, with 3 in 2025. Please note that this does not guarantee sponsorship for this specific role.