[Remote] Senior Software Engineer – Application & Cloud Security (Remote)
Note: This is a remote job open to candidates in the USA.

Hypori, Inc. is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. They are seeking a Senior Software Engineer specializing in Application Security to enhance the security posture of their products and operational environments by integrating security practices into the software development lifecycle. The role involves mentoring teams, developing security patterns, and leading vulnerability management efforts.

Responsibilities

Maintain a deep understanding of the security aspects of Hypori's product/system architecture and implementation patterns; collaborate with engineering teams on threat models; participate in design and architecture reviews; and engage across scrum teams to surface and address application security, privacy, and compliance concerns
Be the go-to AppSec expert for software engineering, security, and compliance teams. Mentor engineers on application security principles, secure design patterns, and secure coding practices; grow security capability and awareness through thought leadership and active engagement
Develop and maintain software security patterns to enable security/compliance/privacy-by-default engineering, such as: secure coding and configuration standards, code snippets/templates for Infrastructure as Code, hardening of containerized applications, etc.
Lead automation and integration of vulnerability management tooling – including SAST, DAST, and SCA tools – across artifact repositories, container registries, and other components of development and build pipelines
Perform security-focused code reviews on request, providing targeted guidance on security-sensitive components and implementation decisions
Triage vulnerability and compliance testing results for technical implications, validate their applicability, determine exposure in a system/component context, and generate user stories for remediation efforts
Contribute to technical compliance strategies and hardening across cloud infrastructure, development/QA environments, and system components (such as FIPS-validated crypto configurations and network segmentation); implement quality gates and security test suites across development and build pipelines
Actively contribute to the success of Hypori's Security Champions program
Participate in Engineering on-call rotations to provide application security expertise during incident triage and response
Protect intellectual property, user data, and system integrity by (a) adhering to Hypori's policies and procedures for secure software development and (b) following best practices for secure product design, implementation, and deployment of development, build, test, production, and other environments

Skills

Must be a US Citizen or US Permanent Resident
5+ years of hands-on software engineering experience, with a demonstrated focus on building and securing production systems. Proficient in at least one programming language
Proficient in understanding and explaining the ins and outs of software vulnerabilities across stacks, their potential impact when exploited, and how to mitigate them
Proficient in the security management of cloud infrastructure services and container-based deployments
Proficient in the management of software supply chain security aspects, including the management of software security vulnerabilities in dependencies
Proficient in secrets management practices and tooling (e.g., HashiCorp Vault, AWS Secrets Manager), including automated secrets scanning in development workflows and CI/CD pipelines
Proficient in expressing the concepts, practical application, and typical implementation of identity & access management, applied cryptography, network security, and related security domains
Proficient in API security concepts and their application, authentication and authorization patterns (OAuth 2.0, OIDC), and secure API design principles
Proficient in concisely articulating both technical risk and the trade-offs of proposed solutions to decision makers and peers
Experience with modern CI/CD pipelines, scrum-based engineering practices, and the automation, integration, and centralized management of security and compliance tooling across development lifecycles
Experience in interpreting security and compliance frameworks and standards
Experience with application security testing tools and techniques, and with demonstrating/validating the exploitability of vulnerabilities
Experience with AI/LLM-assisted tooling to automate application security tasks, and ability to advise software engineers on the security, compliance, and privacy implications of their use
Proficient in the application of infrastructure-as-code principles and associated security paradigms
Familiarity with FedRAMP, NIST SP 800-53, or comparable government compliance frameworks
Experience working in or supporting a government or defense technology environment

Benefits

A 10% bonus
Medical, dental, and vision insurance
Parental leave
Life and disability packages
401(k) plan with employer-matching contributions that vest starting from your first day of employment
Performance bonus, which is primarily contingent upon company-wide performance
Investing in the tools and skills required to be strong, collaborative colleagues and people managers to help build and retain a strong workforce

Company Overview

Hypori's SaaS-delivered virtual workspace frees customers from liability and security risks and preserves privacy for the mobile end-user. It was founded in 2021 and is headquartered in Reston, Virginia, USA, with a workforce of 51-200 employees. Its website is http://www.hypori.com.