Job Description

Canary is seeking a Senior Application Security Engineer to embed security into the software development lifecycle, own the strategy for application security tooling, and collaborate with various engineering teams to ensure a secure and scalable platform. This role focuses on proactive security measures, developer enablement, and incident response.

Responsibilities

• Define and enforce secure coding best practices
• Integrate and manage SAST, DAST, and SCA tools
• Partner with developers to identify risks
• Implement secrets handling and data protection
• Build security guidelines and training
• Triage and prioritize security findings
• Align app security with infrastructure and compliance
• Implement security monitoring and alerting
• Scan and remediate vulnerabilities
• Design and maintain IAM roles
• Automate evidence gathering for compliance

Requirements

• 6+ years in security engineering or related roles
• Excellent communication and teamwork abilities
• Experience integrating security into SDLC pipelines
• Hands-on experience with AppSec tooling
• Solid understanding of web app security
• Familiarity with AWS/Kubernetes security
• Strong programming skills (Python, Go, or JavaScript)
• Proven track record of security adoption
• Strong AWS security skills
• Experience with Kubernetes security
• Hands-on with Terraform, Helm, and GitOps
• Knowledge of networking and cloud-native security

Benefits

• No benefits