
limble - Senior Application Security Engineer

Remote - USA · $165k - $185k · 2w ago
Tags: Remote, Senior, NA, Cybersecurity, Cloud Computing, Application Security Engineer, Head of Information Security, Claude, KPI Tracking, AWS, Cursor, Jira


Requirements

• AI-assisted application security testing and automation: ability to use tools such as Claude and Cursor to scale and automate security activities, including identifying vulnerabilities, generating test cases, and developing proof-of-concept exploits to validate findings.
• Cloud & platform: AWS
• CI/CD & source control: GitHub, Wiz, or similar systems
• Security tooling: SAST, SCA, SBOM, DAST
• AppSec expertise:
  • Secure coding practices
  • Security frameworks: NIST 800-218 (SSDF), OWASP
  • APIs, auth, session management, data protection, microservices
  • Threat modeling: STRIDE w/ DREAD
• Engineering workflows: Jira or similar systems
• Familiarity with AI-assisted development tools (e.g., Cursor, Claude) and ability to apply appropriate security guardrails
• Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation)
• 5–8+ years in application security, product security, or security-focused software engineering
• Strong depth in web and API security, including modern auth patterns and attack techniques
• Experience securing cloud-native SaaS platforms and microservices architectures
• Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
• Proven ability to influence engineering teams through trust, clarity, and practical solutions

Key Traits for This Role

• Relationship-driven and able to build credibility quickly with engineers
• Strong communicator who can translate risk into actionable engineering work
• Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy
• Comfortable taking ownership and driving initiatives end-to-end

Responsibilities

• Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy, roadmap, and measurable maturity improvements
• Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
• Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
• Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
• Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz
• Implement and manage security testing capabilities across:
  • SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.)
  • DAST (new tool selection and rollout)
  • Vulnerability tracking and remediation workflows
• Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
• Support secure architecture for web applications and APIs
• Drive secure coding enablement through:
  • OWASP training
  • Secure coding best practices
  • Targeted coaching based on real issues found in the codebase
• Partner with and help scale the Security Champions program to coordinate security improvements and incident response
• Track and communicate application security program progress using clear metrics and reporting
• Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

What Success Looks Like (First 90 Days)

• Assess current application security posture, secure SDLC integration, and highest-risk areas
• Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
• Improve CI/CD security coverage while reducing noise and improving signal quality
• Establish repeatable processes for:
  • Threat modeling
  • Secure design reviews
  • Vulnerability triage and remediation workflows
• Build strong, trusted relationships with product and engineering teams and Security Champions
• Define and begin tracking key application security KPIs and program metrics
