03 jun
|
AgileEngine
|
Victoria
03 jun
AgileEngine
Victoria
Postúlate en Kit Empleo: kitempleo.com.ar/empleo/qz0oa
Job DescriptionAgileEngine is an Inc. **** company that creates award-winning software for Fortune 500 brands and trailblazing startups across 17+ industries.
We rank among the leaders in areas like application development and AI/ML, and our people-first culture has earned us multiple Best Place to Work awards.WHY JOIN USIf you're looking for a place to grow, make an impact, and work with people who care, we'd love to meet you!
ABOUT THE ROLEWe are looking for a Senior Application Security Engineer to modernize vulnerability management at scale within a highly regulated financial services environment.
You will govern and analyze large vulnerability datasets from tools including Wiz, Checkmarx, and Snyk, build automated triage and remediation workflows using Python and AI-assisted agents, and embed security intelligence directly into CI/CD pipelines.
The role requires deep AppSec tooling expertise, risk-based prioritization using CVSS and EPSS, and the ability to provide code-level remediation guidance to Java development teams.WHAT YOU WILL DO- Structure, analyze, and govern the massive output of vulnerability data from across the enterprise portfolio, ensuring it is highly contextualized and ready for consumption by developers and automated systems;- Triage and prioritize vulnerabilities utilizing data-driven scoring models (CVSS, EPSS) combined with contextual business and infrastructure risk;- Continuously tune security scanning tools (SAST, DAST, SCA) and data pipelines to eliminate noise and false positives, delivering only high-confidence alerts;- Develop AI-assisted runbooks, custom scripts, and intelligent agent workflows to automate the triage and remediation of high-frequency vulnerabilities;- Partner with platform teams to transform manual security review processes into automated, frictionless governance gates embedded directly within the CI/CD pipeline;- Work directly with software engineers in their native tech stack (Java, Python) to provide specific, code-level remediation guidance,
focusing on minimizing developer friction;- Conduct application threat modeling and architecture reviews for new features within critical applications;- Act as a DevSecOps evangelist, actively bridging the gap between stringent security mandates and Agile delivery velocity.MUST HAVES- 5+ years of experience in application security, software engineering, or DevSecOps, with at least 2+ years operating within highly regulated enterprise environments (Finance, Healthcare, Defense);- Proven ability to manage, analyze, and automate large datasets of security vulnerabilities to build intelligent governance and reporting metrics;- Deep, hands-on expertise deploying, tuning, and consuming APIs from modern application security testing tools (SAST, DAST, SCA) and CNAPP platforms (e.g., Wiz, Checkmarx, SonarQube, Snyk);- Strong proficiency in Python (or Go) to build custom scripts, automate vulnerability data triage, and manipulate API data from security tooling;- High proficiency in reading and reviewing enterprise application code, specifically Java;- Advanced knowledge of vulnerability scoring systems (CVSS, EPSS) and industry-standard security frameworks (OWASP Top 10, CWE);- Practical experience integrating automated security gates into modern CI/CD orchestration tools;- Upper-intermediate English level.NICE TO HAVES- Experience utilizing LLMs, AI agents, or automated coding assistants to streamline vulnerability triaging, data classification, or remediation code generation;- Prior experience managing vulnerabilities subject to strict financial compliance standards (PCI-DSS, SOC2, NYDFS);- Industry-recognized application security certifications (e.g., CSSLP, GWAPT, GWEB, CISSP,
or CEH);- Strong familiarity operating within Agile/Scrum delivery models and utilizing Jira for automated backlog management.PERKS AND BENEFITS- Professional growth: Accelerate your professional journey with mentorship, TechTalks, and personalized growth roadmaps.
- Competitive compensation: We match your ever-growing skills, talent, and contributions with competitive USD-based compensation.
- Exciting projects: Join projects with modern solutions development and top-tier clients, including Fortune 500 enterprises and leading product brands.
- Flextime: Tailor your schedule for an optimal work-life balance, with options for remote work and versátil hours.RequirementsExperience: 5+ years of experience in application security, software engineering, or DevSecOps, with at least 2+ years operating within highly regulated enterprise environments (Finance, Healthcare, Defense).
Data-Driven Security: Proven ability to manage, analyze, and automate large datasets of security vulnerabilities to build intelligent governance and reporting metrics.
AppSec Tooling: Deep, hands-on expertise deploying, tuning, and consuming APIs from modern application security testing tools (SAST, DAST, SCA) and CNAPP platforms (e.g., Wiz, Checkmarx, SonarQube, Snyk).
Scripting & Automation: Strong proficiency in Python (or Go) to build custom scripts, automate vulnerability data triage, and manipulate API data from security tooling.
Secure Code Review: High proficiency in reading and reviewing enterprise application code, specifically Java.
(Note: The engineer does not need to be a full-stack Java application developer, but must be able to comfortably read Java source code, identify flaws, and provide actionable remediation guidance to software engineers).
Vulnerability Frameworks: Advanced knowledge of vulnerability scoring systems (CVSS, EPSS) and industry-standard security frameworks (OWASP Top 10, CWE).
CI/CD Integration: Practical experience integrating automated security gates into modern CI/CD orchestration tools.
Postúlate en Kit Empleo: kitempleo.com.ar/empleo/qz0oa
📌 Application Security Engineer Id67835 (Victoria)
🏢 AgileEngine
📍 Victoria