[Remote] Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)

Note: The job is a remote job and is open to candidates in USA. AuditBoard is a leading audit, risk, ESG, and InfoSec platform that has surpassed $300M ARR. They are seeking a passionate and experienced Sr. Application Security/Product Security Engineer to work alongside product and engineering teams to develop secure and resilient software for security-conscious customers, focusing on implementing security best practices throughout the software development life cycle. Responsibilities • Working with product and engineering teams to implement security throughout the design and development process • Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes • Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team • Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime • Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices • Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs • Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions • Assisting with Security Compliance activities as required • Assisting with investigation and response to security incidents and web application attacks as necessary Skills • 5+ years of experience developing or securing web-based applications • Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.) • Experience with leading threat modeling and secure design reviews • Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus • Docker & Kubernetes • Excellent organization, time management, and attention to detail • Must be action-oriented and have a proactive and collaborative approach to solving issues • Participates in the design review process, seeking and providing constructive criticism • Provides significant input into system architecture, considers scalability and performance • Communicates technical decisions through design docs, tech talks, and the wiki • Provides mentorship and technical guidance to junior and mid-level engineers • Ability to work within an on-call shift rotation • Experience working on SaaS web applications • Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages • Experience with building and securing CICD pipelines and incorporating supply chain security best practices • Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions • Experience coordinating bug bounty and penetration testing engagements • Leveraging, building and securing AI coding assistants, agents, and product solutions • BS in Computer Science (or equivalent experience) Benefits • $200/mo for anything that enhances your life • Comprehensive employee health coverage (all locations) • 401K with match (US) or pension with match (UK) • Competitive compensation & bonus program • Flexible Vacation (US exempt & CA) or 25 days (UK) • Time off for your birthday & volunteering • Employee resource groups • Opportunities for team and company-wide get-togethers! Company Overview • AuditBoard develops a cloud-based audit automation platform that specializes in transforming economic governance within business sectors. It was founded in 2014, and is headquartered in Cerritos, California, USA, with a workforce of 501-1000 employees. Its website is Company H1B Sponsorship • AuditBoard has a track record of offering H1B sponsorships, with 1 in 2025, 4 in 2024, 1 in 2023, 1 in 2022. Please note that this does not guarantee sponsorship for this specific role. Apply tot his job