Senior Application Security Engineer

Our team is growing and we're hiring a Senior Application Security Engineer to join our engineering team and enable our next phase of growth. Canary's engineering team is fully remote! This role focuses on embedding security into the software development lifecycle (SDLC), partnering with developers to make secure design the default. You will own the strategy for application security tooling, automation, and developer enablement while collaborating closely with SREs, infra, and data engineers to keep our platform both secure and scalable.

Responsibilities include defining and enforcing best practices for secure coding, dependency management, and design reviews across engineering teams. Integrating and managing SAST, DAST, and SCA tools within CI/CD pipelines as well as partnering with developers on new features and systems to identify risks early in the lifecycle. Implementing best practices for secrets handling, API authentication/authorization, and data protection and building security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster. Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution. Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others.