Note: The job is a remote job and is open to candidates in USA. Clear Capital is a national real estate analytics, data solutions and valuation technology company, and they are seeking a Senior Application Security Engineer. The role involves validating application services for security, assessing vulnerabilities, and implementing secure development practices to ensure business continuity and risk mitigation.
Responsibilities
- Plan and carry out application security testing in all phases of the software development life cycle to identify vulnerabilities in applications and weaknesses in secure coding practices
- Assess discovered vulnerabilities and recommend risk-mitigating solutions, leveraging automation to improve the efficiency of both testing and remediation processes
- Communicate findings, risks, and recommendations to stakeholders, while documenting delivery and implementation progress against defined service-level agreements (SLAs) and business metrics
- Lead AI security initiatives, including threat modeling production LLM stacks for autonomy and prompt injection risks, and auditing third-party models and APIs to secure the software supply chain
- Attend and participate in product and application projects. This includes interacting with business units and technical teams to understand what is coming and how their projects can be more secure from the beginning
- Collaborate with architects and development teams to drive secure design practices, leveraging established security standards, configurations, and frameworks
- Fully define and follow a security review process to ensure an automated and repeatable process is managed
- Regularly monitor the security community for public-facing security issues, as well as to learn new tactics that can be used in testing
- Train developers and junior application security engineers on weaknesses to avoid
- Perform other duties as assigned
Skills
- 4+ years of related experience required
- Bachelor's Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience
- Highly technical and analytical, with a background in software development, and scripting (e.g., Java, Python, C++, Ruby, JavaScript, PowerShell, PHP)
- Expertise in application security testing, including hands-on experience with Static (SAST), Dynamic (DAST), and Software Composition Analysis (SCA) tools
- Proficiency in application security assessments, including threat modeling, vulnerability and penetration testing, API security, OWASP Top Ten mitigation, and securing applications in AWS and private cloud environments
- Relevant certifications such as C|ASE, CSSLP, GWAPT, OSCP, or equivalent
- Experience with frameworks such as ISO 27001, NIST, GDPR, CIS, or SOC 2
Benefits
- Company profit-sharing bonus program
- Communication stipends
- Referral bonuses
- Comprehensive medical, dental, and company paid vision insurance
- 401(k) retirement plan with employer match
- Voluntary life and AD&D insurance options
- Voluntary supplemental insurances for accident, critical illness, and legal services
- Paid time off (PTO) and paid holidays
- Employee assistance and wellness programs
- Company paid short term disability coverage
- Company contributions to health saving funds (with participation in the high deductible health plan
- Company paid access to Galileo for virtual primary care
- Company paid access to Rula for virtual mental health resources
- Through our Anniversary Program, we celebrate the meaningful milestones and long tenure that reflect how much we value your contributions and commitment to our team
- Career and skill development resources to help advance your career and personal growth
Company Overview