
Lead Application Security Engineer Remote

Description

We are thrilled to invite an experienced Lead Application Security Engineer to join and guide our growing security engineering team.

This role focuses on spearheading the development and scaling of application security programs, driving team-wide security initiatives, and enhancing security automation and integration across the software development lifecycle. The ideal candidate will be a strategic leader, fostering collaboration and security awareness while delivering scalable solutions and mentoring team members.

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.


Responsibilities

  • Lead the implementation and optimization of security technologies such as Web Application Firewalls (WAF), Static/Dynamic/Interactive Application Security Testing tools, and penetration testing platforms
  • Collaborate with cross-functional teams, including product managers, designers, and engineers, to drive secure, high-quality software delivery
  • Architect solutions leveraging cloud-native, open-source, and commercial tools to evolve application security automation and capabilities
  • Design and implement advanced detections and dashboards within SIEM tools, as well as guide technical incident investigations
  • Establish and lead threat modeling processes to proactively identify security risks and design effective mitigations
  • Provide mentorship on secure coding practices through code reviews and actionable security feedback for engineering teams
  • Drive cross-functional initiatives to close gaps in application security, identifying and executing on strategies to enhance overall capabilities
  • Establish and promote security best practices as an integrated part of development processes across the organization
  • Stay ahead of emerging threats, vulnerabilities, and mitigation strategies, and lead efforts to address risks and reduce the attack surface
  • Collaborate with SOC and Incident Response teams to analyze logs and formulate responses to complex security incidents, including malware and software exploits
  • Create and oversee frameworks for DevSecOps practices, ensuring robust security integration into CI/CD pipelines
  • Represent the security organization in leadership discussions to align on company-wide objectives and secure long-term success

Requirements

  • 5+ years of experience in application security or related fields, with demonstrated leadership in driving security initiatives
  • Proven track record of detecting, analyzing, and remediating vulnerabilities in web applications, APIs, and mobile applications at scale
  • Deep knowledge and leadership-level experience with secure coding practices and principles of modern software development
  • In-depth understanding of common application security weaknesses across web applications, APIs, databases, and multi-tier systems
  • Advanced experience in implementing DevSecOps practices, including the integration of security tools into CI/CD pipelines (e.g., GitLab, Jenkins)
  • Proven expertise in threat modeling, design reviews, risk analysis, and creating scalable control frameworks
  • Proficiency in at least one programming language (e.g., Java, Python, Ruby) alongside familiarity with its ecosystem and secure frameworks
  • Extensive experience analyzing event and incident logs, assessing risks, and partnering with SOC teams to resolve security incidents
  • Strong background in network security, authentication protocols, and authorization mechanisms within distributed systems
  • Demonstrated ability to mentor and guide technical teams towards adopting secure practices and improving their security competency

Nice to have

  • Deep understanding of containerized environments, Kubernetes security, and protecting cloud-native infrastructures
  • Experience leading initiatives for aligning with security standards such as OWASP, NIST, or ISO 27001 at an organizational level
  • Knowledge of securing machine learning models and mitigating unique risks posed by AI/ML technologies
  • Participation in red team/blue team exercises or leading teams through simulated ethical hacking scenarios
  • Experience in advanced malware analysis and reverse engineering for discovering and addressing zero-day threats

We offer

  • Connectivity Bonus (15,000 ARS are paid with a salary receipt at the end of each month as a non-wages concept)
  • Prepaid health plan (Medicina Prepaga; it covers the collaborator and direct family group)
  • Paternity Leave (Two additional days are added to what is established by law, total of 4 days)
  • Discounts card
  • English Training (English lessons, twice per week)
  • Training Program (Access to multiple customized training plans according to the needs of each role within the company)
  • Marriage bonus (The company doubles the allowance established by law that ANSES offers)
  • Referral Program (Referral bonus is paid when the referral of a collaborator joins the Company)
  • External Agreements and Discounts
  • Vacations: 14 calendar days a year

By applying to our role, you are agreeing that your personal data may be used as set out in EPAM's Privacy Notice and Policy.
