Information Security / Application Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Information Security / Application Security Engineer in the United States.

This role offers an exciting opportunity to bridge the gap between software development and security in a high-impact engineering environment. You will work closely with development teams to integrate security practices into the software development lifecycle, implement automation for security checks, and support the scaling of the organization’s security posture. This position combines hands-on technical work with collaboration across engineering, infrastructure, and compliance teams to drive secure, compliant, and resilient software solutions. You will contribute directly to initiatives supporting SOC 2, ISO 27001, and FedRAMP compliance while shaping the company’s application security strategy.

• Accountabilities:
• Embed security into the SDLC by reviewing architecture, code, and CI/CD pipelines for potential vulnerabilities.
• Collaborate with developers to implement secure authentication, authorization, and secrets management practices.
• Design and roll out software development security controls and automate security evidence collection for compliance frameworks.
• Support vulnerability management, risk assessments, and security incident response within engineering projects and new deployments.
• Integrate and maintain security tooling for static analysis, dependency scanning, container security, and policy enforcement.
• Work closely with IT and infrastructure teams to ensure endpoint hardening, identity, and access controls are effective.
• Requirements:
• 3+ years of professional software engineering experience using Python, Go, Java, or similar languages.
• Solid understanding of application security fundamentals, including authentication, encryption, input validation, secrets management, and secure APIs.
• Familiarity with modern DevOps and cloud environments, particularly GCP.
• Experience with CI/CD systems such as GitHub Actions, GitLab CI, and integrating security tooling.
• Strong collaboration skills, able to balance pragmatism and security when working with engineering teams.
• Preferred: Exposure to security compliance frameworks (SOC 2, ISO 27001, FedRAMP) and hands-on experience with tools like HashiCorp Vault, Snyk, Trivy, or Open Policy Agent.
• Preferred: Experience in cloud-native environments (Kubernetes, Terraform, Infrastructure-as-Code security) and relevant certifications such as CSSLP, GCSA, or OSWE.
• Benefits:
• Competitive US-based salary with potential performance-based bonuses.
• Flexible working arrangements, including hybrid and fully remote options.
• Comprehensive health, dental, and vision coverage.
• Professional development support including training, certifications, and skill growth opportunities.
• Collaborative, inclusive, and values-driven culture emphasizing continuous learning and cross-functional teamwork.
• Access to wellness programs and resources supporting work-life balance and overall well-being.

Why Apply Through Jobgether?

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

#LI-CL1