ISTARI · 2 days ago
Application Security Senior Engineer
ISTARI is a strategic cybersecurity advisory company focused on building a resilient cybersecurity ecosystem. The Application Security Senior Engineer will provide strategic architecture and engineering support to integrate security into the application development lifecycle, ensuring secure design principles are embedded across all phases of development.
Responsibilities
Provide application security architecture advisory for new application development, modernisation initiatives, and system integrations, ensuring security-by-design principles are embedded across the SDLC
Lead the execution and governance of the Secure Software Development Framework in collaboration with the client’s development partners and platform teams
Define, maintain, and govern application security blueprints, reference architectures, and design patterns for APIs, microservices, and cloud-native workloads
Establish and enforce API security standards, including authentication, authorisation, encryption, traffic inspection, and rate limiting
Oversee threat modelling, secure design reviews, and risk assessments for business-critical applications and third-party integrations
Drive secure coding practices by enabling developer awareness, training, and adoption of secure frameworks and standards
Oversee the SAST, DAST, and CI/CD security tooling strategy, ensuring effective integration into development pipelines and efficient management of findings and remediation workflows
Act as the strategic interface for Application Security-as-a-Service, partnering with third-party engineering teams providing day-to-day AppSec execution and tooling operations
Collaborate with cloud, network, and platform engineering teams to ensure applications are securely deployed within segmented, Zero Trust-aligned environments
Serve as the application security authority during security incidents, providing architectural guidance for containment, remediation, and post-incident improvements
Provide executive-level reporting on application security posture, including vulnerability trends, remediation progress, and residual risk
Qualifications
Required
~10 years' experience in Application Security
Strong experience in secure SDLC governance and design assurance
Proven capability in application and API security architecture
Hands-on experience with cloud-native and microservices security
Experience overseeing security tooling and vulnerability findings management
Ability to coordinate and govern third-party AppSec service providers
Strong risk-based reporting and executive communication skills
Deep knowledge of SAST, DAST, and CI/CD security tooling
Experience with API gateways and identity services