Senior Application Security Engineer

Imagine

X is a tech company that deploys AI-assisted teams to build and secure mission-critical enterprise solutions with our clients – spanning software, cybersecurity, data, and AI. Structured like a software company, not a traditional consultancy, we blend deep technical expertise with authentic values, achieving world-class satisfaction (NPS 82). Our dedicated teams specialize in software, data, and AI across the U.S. and LATAM, bridging the gap between boutique agility and enterprise scale.

We're looking for a Senior Application Security Engineer to join our growing team. Our execution success is rooted in our unique model that is supported by our industry partners and specialists. The Imagine

X culture thrives on entrepreneurship, risk taking, mutual trust, teamwork, encouraging change, and letting our consultants own their way of working.
This is a 100% remote position, no additional travel required, aggressive salary and bonus packages, and 401K matching.
Must be comfortable working standard west coast hours.

• Provide guidance and assistance to development personnel in understanding security vulnerabilities and remediation options.
• Collaborate with developers to ensure adherence to security best practices during development cycles.
• Utilize SAST and DAST tools for thorough security testing and validation of remediation efforts.
• Recommend efficient solutions for fixes to streamline the remediation process.
• Assist in building out the capabilities of a Dev Sec Ops  Team, contributing to integrating security practices into CI/CD pipelines.
• Automate existing manual processes to improve the efficiency of development workflows.
• Analyze findings from penetration tests and propose remediation tasks.
• Support assigned teams with technical aspects of the remediation process.
• Monitor and track progress on remediation tasks to ensure completion.

• 7+ years' experience as an Application Security Engineer using technologies such as Qualys WAS, Wiz, Java script, C#.NET/Java
• Strong static analysis tools (SAST) to secure applications including Veracode, Fortify, Sonar Qube and Checkmarx
• Must have solid experience in dynamic security testing (DAST) and how to integrate security tools within the CI/CD pipeline
• Experience mitigating SQL injection vulnerabilities
• Strong experience on how to secure a RESTful API
• Ability to analyze risks associated with vulnerabilities and recommend appropriate resolutions or risk reduction strategies.
• Must work effectively as a supportive team member within the Info Sec team and act as a security ambassador to the wider organization.
• Proficient in collecting and synthesizing information in a format suitable for audits. Attention to detail is essential for maintaining accurate documentation.

SPONSORSHIP NOT AVAILABLE. US CITIZEN OR GREEN CARD HOLDER ONLY.