Overview:As a Senior Software Engineer specializing in Application Security in Hypori's Product & Engineering organization, you enable software engineering teams to continuously improve the security posture of our products and operational SaaS environments. You combine hands-on AppSec and DevSecOps expertise - integrating security tooling in CI/CD pipelines, developing security patterns, and serving as a subject matter expert for the secure development and deployment of containerized microservices, cloud infrastructure, and other product components.
Responsibilities: - Maintain a deep understanding of the security aspects of Hypori's product/system architecture and implementation patterns; collaborate with engineering teams on threat models; participate in design and architecture reviews; and engage across scrum teams to surface and address application security, privacy, and compliance concerns.
- Be the go-to AppSec expert for software engineering, security, and compliance teams. Mentor engineers on application security principles, secure design patterns, and secure coding practices; grow security capability and awareness through thought leadership and active engagement.
- Develop and maintain software security patterns to enable security/compliance/privacy-by-default engineering, such as: secure coding and configuration standards, code snippets/templates for Infrastructure as Code, hardening of containerized applications, etc.
- Lead automation and integration of vulnerability management tooling - including SAST, DAST, and SCA tools - across artifact repositories, container registries, and other components of development and build pipelines.
- Perform security-focused code reviews on request, providing targeted guidance on security-sensitive components and implementation decisions.
- Triage vulnerability and compliance testing results for technical implications, validate their applicability, determine exposure in a system/component context, and generate user stories for remediation efforts.
- Contribute to technical compliance strategies and hardening across cloud infrastructure, development/QA environments, and system components (such as FIPS-validated crypto configurations and network segmentation); implement quality gates and security test suites across development and build pipelines.
- Actively contribute to the success of Hypori's Security Champions program.
- Participate in Engineering on-call rotations to provide application security expertise during incident triage and response.
- Protect intellectual property, user data, and system integrity by (a) adhering to Hypori's policies and procedures for secure software development and (b) following best practices for secure product design, implementation, and deployment of development, build, test, production, and other environments.
Qualifications: - Must be a US Citizen or US Permanent Resident
- 5+ years of hands-on software engineering experience, with a demonstrated focus on building and securing production systems. Proficient in at least one programming language.
- Proficient in understanding and explaining the ins and outs of software vulnerabilities across stacks, their potential impact when exploited, and how to mitigate them.
- Proficient in the security management of cloud infrastructure services and container-based deployments.
- Proficient in the management of software supply chain security aspects, including the management of software security vulnerabilities in dependencies.
- Proficient in secrets management practices and tooling (e.g., HashiCorp Vault, AWS Secrets Manager), including automated secrets scanning in development workflows and CI/CD pipelines.
- Proficient in expressing the concepts, practical application, and typical implementation of identity & access management, applied cryptography, network security, and related security domains.
- Proficient in API security concepts and their application, authentication and authorization patterns (OAuth 2.0, OIDC), and secure API design principles.
- Proficient in concisely articulating both technical risk and the trade-offs of proposed solutions to decision makers and peers.
- Experience with modern CI/CD pipelines, scrum-based engineering practices, and the automation, integration, and centralized management of security and compliance tooling across development lifecycles.
- Experience in interpreting security and compliance frameworks and standards.
- Experience with application security testing tools and techniques, and with demonstrating/validating the exploitability of vulnerabilities.
- Experience with AI/LLM-assisted tooling to automate application security tasks, and ability to advise software engineers on the security, compliance, and privacy implications of their use.
Preferred Attributes: - Proficient in the application of infrastructure-as-code principles and associated security paradigms.
- Familiarity with FedRAMP, NIST SP 800-53, or comparable government compliance frameworks.
- Experience working in or supporting a government or defense technology environment.
Pay Range:- $180,000-$195,000 (commensurate with experience and interview performance) plus a 10% bonus
About Us Hypori Inc. provides a generous benefits package for full-time employees that includes medical, dental, and vision insurance, parental leave, and life and disability packages. We also invest in our employees' futures by providing a 401(k) plan with employer-matching contributions that vest starting from your first day of employment.
In addition to the base compensation, Hypori also offers a performance bonus, which is primarily contingent upon company-wide performance. We are dedicated to investing in the tools and skills required to be strong, collaborative colleagues and people managers to help build and retain a strong workforce.
