[Remote] Senior Application Security Engineer
Note: The job is a remote job and is open to candidates in the USA. Limble is a company specializing in a modern SaaS computerized maintenance management platform, and they are seeking a Senior Application Security Engineer to lead their application security program. The role involves collaborating with engineering and product teams to integrate secure practices into the software development lifecycle and drive risk reduction efforts.

Responsibilities

- You own the application security program at Limble. You set the direction, build the relationships, and own the outcomes (strategy and roadmap)
- Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
- Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
- Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
- Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz
- Define the strategy for security testing across SAST, SCA, DAST, and SBOM. This includes selecting tools, guiding implementation with engineering, and ensuring signal quality over coverage theater
- Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
- Support secure architecture for web applications and APIs
- Drive secure coding enablement through:
  - OWASP training
  - Secure coding best practices
  - Targeted coaching based on real issues found in the codebase
- Partner with and help scale the Security Champions program to coordinate security improvements and incident response
- Track and communicate application security program progress using clear metrics and reporting
- Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking
- Assess current application security posture, secure SDLC integration, and highest-risk areas
- Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
- Improve CI/CD security coverage while reducing noise and improving signal quality
- Establish repeatable processes for:
  - Threat modeling
  - Secure design reviews
  - Vulnerability triage and remediation workflows
- Build strong, trusted relationships with product and engineering teams and Security Champions
- Define and begin tracking key application security KPIs and program metrics

Skills

- 5–8+ years in application security, product security, or security-focused software engineering
- Comfortable reading and writing code. You can review a PR and find the bug, not just run a scanner on it
- Strong depth in web and API security, including modern auth patterns and attack techniques
- Experience securing cloud-native SaaS platforms and microservices architectures
- Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
- Proven ability to influence engineering teams through trust, clarity, and practical solutions

Benefits

- Fully remote position
- Flexible PTO
- 13 paid company holidays
- Paid parental leave
- Health, Dental, and Vision insurance
- Employer paid Basic Life insurance and Short-Term Disability insurance
- Company contribution match for HSA and 401(k)
- Flexible Spending Accounts
- Monthly employee wellness stipend
- Opportunities for Learning and Development Reimbursement
- Pet insurance

Company Overview

Limble is the AI maintenance and asset management platform. It was founded in 2015, and is headquartered in Lehi, Utah, USA, with a workforce of 201-500 employees. Its website is https://limblecmms.com.