Canary Technologies

Senior Application Security Engineer

Canary Technologies$120K — $150K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Excellent communication and teamwork abilities
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on with AppSec tooling like Snyk, OWASP ZAP, and Burp Suite
  • Solid understanding of web app security, including OWASP Top 10
  • Familiarity with AWS/Kubernetes security
  • Strong programming skills in Python, Go, or JavaScript

Responsibilities

  • Define and enforce best practices for secure coding across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines
  • Collaborate with developers to identify risks in new features early
  • Implement best practices for secrets handling and API authentication
  • Build security guidelines and training for faster secure code shipping
  • Triage findings from bug bounties and penetration tests
  • Act as a bridge between application developers and platform engineers

Benefits

  • Canary Days: Company-wide days off for team recharge
  • Self Improvement Club: budget for personal development goals
  • Professional Development Chats: funding for cross-functional development conversations
  • Travel Reimbursement: stipend for visiting offices and exploring new cities
  • Personal Travel Reimbursement: credit for hotel stays with partnered hotels
Full Job Description
About the Role

Our team is growing and we're hiring a Senior Application Security Engineer to join our engineering team and enable our next phase of growth. Canary's engineering team is fully remote!

This role focuses on embedding security into the software development lifecycle (SDLC), partnering with developers to make secure design the default. You will own the strategy for application security tooling, automation, and developer enablement while collaborating closely with SREs, infra, and data engineers to keep our platform both secure and scalable.

Responsibilities

  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
  • Partner with developers on new features and systems to identify risks early in the lifecycle
  • Implement best practices for secrets handling, API authentication/authorization, and data protection
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
  • Implement monitoring, alerting, and remediation for security incidents across our platform
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others


Qualifications

  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Excellent communication and teamwork abilities
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
  • Familiarity with AWS/Kubernetes security
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
  • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
  • Hands-on with Terraform, Helm, and GitOps practices
  • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
  • Knowledge of networking, encryption, and cloud-native security best practices


We also work hard to ensure Canary is a fun and exciting place to work! Here are some of the additional benefits:

Canary Days: As a company we want to ensure that the team has time to recharge. Each month we provide company wide days off to ensure there is at least one extended weekend or day off.

Self Improvement Club: We meet each month and share our personal goals for the month. Each individual is provided a budget towards any purchases that help us achieve these goals.

Professional Development Chats: We provide budget to help drive cross functional professional development conversations across the organization.

Travel Reimbursement: Team members are able to visit our offices across New York, San Francisco or Dallas when they choose, and are provided a travel stipend for doing so. Spend time working with the team in their office, and use the rest of your time exploring a new city!

Personal Travel Reimbursement: If you stay at a hotel that Canary works with, we provide a credit towards your stay.

About Canary Technologies

One Canada Square is a skyscraper in Canary Wharf, London. It was completed in 1991 and is the third tallest building in the United Kingdom at 770 feet above ground level containing 50 storeys. One Canada Square was designed by César Pelli with Adamson Associates and Frederick Gibberd Coombes. The building is clad with stainless steel. One of the predominant features of the building is the pyramid roof, which contains a flashing aircraft warning light, a rare feature for buildings in the United Kingdom. The distinctive pyramid pinnacle is 800 feet above sea level. One Canada Square is primarily used for offices, though there are some retail units on the lower ground floor. There is no observation floor. It is a prestigious location for offices and as of October 2017 was completely let. The building is recognised as a London landmark, and it has gained much attention through film, television, and other media as one of the tallest buildings in the United Kingdom.
Learn more about Canary Technologies

Similar Jobs

More Jobs at Canary Technologies

More Information Technology Jobs

Find similar Senior Application Security Engineer jobs: