Job Description

You’ll work closely with our engineering teams to integrate security into the software development lifecycle (SDLC), improve secrets management, implement security automation, and help scale our security posture as we pursue SOC 2, ISO 27001, and FedRAMP compliance.

Responsibilities:

Secure Software Development & Engineering Support:
- Partner with software teams to embed security into the SDLC (design reviews, threat modeling, dependency management).
- Review architecture, code, and CI/CD configurations for security concerns.
- Assist developers in implementing secure authentication, authorization, and secrets management practices.
- Build or integrate tooling to automate static analysis, dependency scanning, and container security checks.

Security Controls & Automation:
- Design and roll out software development security controls (e.g., centralized secrets management, secure build pipelines).
- Automate security evidence collection and reporting for compliance frameworks.
- Collaborate with development teams to mitigate findings from CSPM tooling.
- Collaborate with the IT and Infrastructure teams on endpoint hardening, identity, and access control.

Incident Readiness & Risk Management:
- Contribute to vulnerability management and security incident response.
- Support risk assessments for engineering projects, new technologies, vendors, and deployments.
- Participate in post-incident reviews and drive security improvements.

About Mechanical Orchard

Mechanical Orchard specializes in safely rewriting the most critical and complex business applications so they’re ready to adapt quickly and easily.
