Armis · 8 hours ago
Expert, Application Security & VMDR
Armis is a company focused on improving application security posture, and they are seeking an Expert in Application Security & VMDR. This role involves leading the Application Security program, integrating vulnerability management strategies, and collaborating with engineering teams to embed security throughout the software development lifecycle.
Compliance, Cyber Security, Information Technology, Internet of Things, Network Security, Risk Management
Responsibilities
Lead the Application Security program across all Armis products, embedding security throughout the SDLC
Perform secure design and architecture reviews, partnering with engineering teams to identify and mitigate risk early
Conduct and lead threat modeling sessions using STRIDE, DREAD, or PASTA methodologies
Own application-layer vulnerability management as part of Armis’ VMDR strategy, from detection through remediation and validation
Integrate AppSec findings (SAST, DAST, SCA, API testing) into centralized vulnerability workflows, risk scoring, and prioritization models
Correlate application vulnerabilities with asset context, exploit intelligence, and business criticality to drive risk-based remediation
Track and report VMDR metrics such as MTTD, MTTR, exposure windows, and remediation effectiveness for application vulnerabilities
Build and maintain automated AppSec pipelines for SAST, DAST, SCA, and API security testing
Collaborate with DevOps to integrate security scanning into CI/CD pipelines (GitHub Actions, Jenkins, Buildkite)
Partner with Cloud and Infrastructure Security to secure APIs, microservices, and containerized workloads (Docker, Kubernetes)
Develop and maintain secure coding standards and security baselines for React, Node.js, Python, Java, and Go
Mentor engineers and security champions; deliver secure coding training and threat modeling workshops
Act as a trusted advisor to engineering leadership, translating vulnerabilities into clear risk and remediation guidance
Support compliance and audit readiness including SOC 2, ISO 27001, FedRAMP, and HIPAA, ensuring application risks are documented and managed within VMDR processes
Qualification
Required
7–10+ years of experience in Application Security, Product Security, or Secure Software Engineering
Proven expertise in SAST, DAST, SCA, and dependency management tools (e.g., Veracode, Checkmarx, Fortify, Snyk, SonarQube, OWASP Dependency-Check)
Hands-on coding proficiency in at least two modern languages (Python, JavaScript/TypeScript, Java, Go)
Strong experience managing vulnerabilities end-to-end, including triage, prioritization, remediation tracking, and validation
Deep understanding of OWASP Top 10, CWE, CVE, and exploitability concepts
Strong knowledge of CI/CD pipelines, Git-based workflows, and secure build automation
Experience with threat modeling, secure architecture reviews, and microservices/API security
Ability to clearly communicate technical risk to both engineering teams and business stakeholders
Preferred
Experience in a SaaS, cloud-native, or cybersecurity product company
Hands-on experience integrating AppSec into broader VMDR or exposure management programs
Familiarity with cloud and container security platforms (Prisma Cloud, Wiz, Orca)
Experience with IaC security (Terraform, CloudFormation)
Exposure to API Gateway security, OAuth2, token-based auth, and zero-trust architectures
Relevant certifications such as OSWE, CSSLP, GWAPT, GWEB, CEH
Benefits
Bonuses
Commissions
Stocks
Health insurance benefits
Company
Armis
Armis is a cyber exposure management and security company that protects the entire attack surface and detects threats in real time.
H1B Sponsorship
Armis has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (2)
2024 (2)
2022 (2)
2021 (1)
2020 (5)
Funding
Current Stage: Late Stage
Total Funding: $1.27B
Key Investors: Goldman Sachs Growth Equity, Georgian, One Equity Partners
2025-12-23: Acquired
2025-11-05: Series Unknown · $435M
2025-07-23: Secondary Market · $100M
Company data provided by crunchbase