Senior Application Security Engineer
Job Summary
Overview
Senior Application Security Engineer
Location: Remote Work Arrangement: Remote
About the Role
Were looking for a Senior Application Security Engineer to help build and mature our application security program. Youll be a hands-on technical leader embedded across our engineering organization working with developers to embed security into the SDLC identifying and remediating vulnerabilities and shaping the tools and processes that keep our products and customers safe. Deep expertise in securing cloud-native architectures and automating security into CI/CD pipelines is essential as security needs to scale with our engineering velocity. As AI-powered development becomes a bigger part of how we build and ship software youll also help engineers navigate the security challenges that come with it. This is a high-impact generalist AppSec role for someone equally comfortable reviewing threat models triaging bug bounty reports and writing secure coding guidance.
Your Role Responsibilities Heres What Youll Do
- Partner with engineering product and DevOps teams to integrate security practices throughout the software development lifecycle with a strong focus on cloud-native environments and automated pipelines.
- Design implement and maintain security tooling and gates within CI/CD pipelines covering SAST DAST SCA secrets detection and container scanning so security feedback reaches developers early and automatically.
- Collaborate with infrastructure and platform teams to help guide and improve the security posture of cloud-native environments across AWS GCP or Azure including containerized workloads Kubernetes clusters serverless functions and managed services.
- Lead and own the threat modeling process across product and engineering teams conducting application security assessments including code review and manual penetration testing of applications.
- Triage and remediate findings from SAST DAST SCA and bug bounty programs; help engineering teams understand and fix vulnerabilities.
- Define and maintain secure coding standards security testing requirements and developer-facing security documentation.
- Advise developers on AI security best practices covering risks introduced by LLM integrations such as prompt injection insecure output handling and data leakage as well as the secure use of AI coding assistants.
- Evaluate and implement AppSec tooling to improve detection and developer feedback loops.
- Respond to and investigate security incidents involving application-layer issues.
- Mentor engineers on security best practices including emerging AI-related risks and serve as a trusted security advisor to product teams.
- Contribute to security architecture reviews for new features and systems including cloud-native and AI/ML components.
Role Essentials What Youll Need
- 5 years of experience in application security software security engineering or a closely related role.
- Hands-on experience securing cloud-native environments on AWS GCP or Azure including containers Kubernetes IAM and serverless architectures.
- Proven experience integrating security into CI/CD pipelines (e.g. GitHub Actions Jenkins) automating SAST DAST SCA and secrets scanning.
- Strong command of application security fundamentals: OWASP Top 10 secure design principles and common vulnerability classes such as injection auth flaws and business logic issues.
- Experience with security testing across applications.
- Proficiency with AppSec tooling such as Checkmarx Burp Suite Trivy Checkov and Veracode.
- Ability to read and reason about code in at least one of: Python JavaScript/TypeScript Java (C#) or similar.
- Strong written and verbal communication skills with the ability to explain security risk to both technical and non-technical audiences.
What Wed Like to See Preferred Skills
- Experience with infrastructure-as-code security (Terraform CloudFormation Helm) and policy-as-code frameworks such as OPA.
- Familiarity with AI/LLM security risks including prompt injection model abuse and insecure integrations as well as frameworks like the OWASP Top 10 for LLMs.
- Experience securing AI-assisted development workflows and reviewing AI-generated code for security issues.
- One or more relevant certifications: OSCP CISSP CEH GWEB CCSP or equivalent.
- Prior experience in a product-led tech or SaaS environment.
About Hyland
Hyland is the pioneer of the Content Innovation Cloud delivering ubiquitous enterprise intelligence to organizations with solutions that unlock actionable insights and drive automation. Hyland. All rights reserved.
Trusted by thousands of organizations worldwide including many of the Fortune 100 Hylands solutions create the foundation for a connected agentic enterprise where teams harness the power of AI to redefine how they operate and engage with those they serve. For additional information on Hylands platform and services please visit .
Since 1991 it has been Hylands mission to help our employees customers and partners exceed their potential with our industry-leading content services platform. Our employees exude a contagious energy and are passionate about what they do whether its helping customers succeed raising up their fellow Hylanders or engaging in the communities where they live and work.
The #HylandLife hashtag encompasses our employee-centric culture. Our employees live our culture day in and day out by bringing their best self to work. Hyland supports them to do just that through career development resources wellbeing programs and innovation practices. We thrive on diverse viewpoints and new ideas and believe that a positive inclusive workplace is imperative to sustainable success.
As weve grown to a company of nearly 4000 strong we have the opportunity to make a significant impact on our communities. We strongly support employee initiatives and align our giving campaigns and programs to organizations that are important to them.
Equal Opportunity Statement
Hyland is an equal opportunity employer. We value diversity and are committed to providing an inclusive workplace for all employees and applicants. Employment decisions are made without regard to any characteristic protected by applicable laws and regulations. Information collected during the hiring process is used solely to assess qualifications verify identity and comply with legal requirements.
Required Experience:
Senior IC
About Company
Hyland provides enterprise content services and management to organizations across the globe. Learn about our company and software products such as OnBase.