Application Security Engineer
Position Summary:
Pax8’s Platform Security team is responsible for the implementation and operation of our application and infrastructure security program. As a vital member of this group, the Application Security Engineer helps build and reinforce the security posture of Pax8’s software development lifecycle.
This role collaborates closely with our software development teams as we evolve our world-class software marketplace. The AppSec Engineer is responsible for supporting the identification, evaluation, and mitigation of security defects; conducting and maintaining application threat models; assisting with the design and implementation of secure development frameworks; helping to train teams on secure coding practices; and validating security processes throughout the application build, deployment, and operation processes.
Essential Responsibilities (includes, but is not limited to):
Serve as a subject matter expert on application security to help drive security considerations into product design and software development processes.
Assist in creating and maintaining risk assessments and threat models against evolving features in the Pax8 software platform.
Support the development and management of application security testing processes, including automated testing and manual design review processes.
Assist teams in reproducing, triaging, and addressing security vulnerabilities.
Contribute to the development of security standards and best practices, both in the form of written documentation and code-based guardrails.
Participate in maintaining application security tooling and associated process documentation as necessary.
Support security awareness efforts within the software engineering organization by participating in the delivery of security training sessions.
Ideal Skills, Experience, and Competencies:
At least two (2) years of experience in application/product security.
Background in the OWASP Top 10 application security defects, including the ability to identify and remediate such vulnerabilities in different languages.
Experience with modern software languages (we primarily use Kotlin and JavaScript).
Experience developing threat models and leading secure code reviews.
Experience with application security testing processes such as SAST, SCA, and DAST through detection, triage, and remediation.
Knowledge of secure architecture and secure design patterns in a web-based microservices environment.
Background in cloud-based infrastructure and containerized application environments.
Experience with modern workflow management processes such as ticketing systems.
Experience with modern source code management systems and CI/CD platforms.
Ability to execute independently within a small, nimble team.
Required Behaviors:
Compassionate Candour—We aim to assist others with candid, actionable feedback.
Seek to Understand—Be open, curious and committed to learning.
We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8.
Do What You Say—Take ownership and honor your commitments; prioritize and deliver.
Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes.
Driven by Passion—Connects personal passion to Pax8 mission, resilient in face of adversity and uncertainty in pursuit of mission.
Required Education & Certifications:
B.A./B.S. in a related field (e.g., Computer Science, Engineering, Cybersecurity) or equivalent work experience
Compensation:
Qualified candidates can expect a compensation range of $137,000/yr to $168,000/yr or more depending on experience.
Expected Closing Date: 7/15/2025
#LI-REMOTE #LI-AG1 #DICE-A
About the job
Apply for this position
Application Security Engineer
Position Summary:
Pax8’s Platform Security team is responsible for the implementation and operation of our application and infrastructure security program. As a vital member of this group, the Application Security Engineer helps build and reinforce the security posture of Pax8’s software development lifecycle.
This role collaborates closely with our software development teams as we evolve our world-class software marketplace. The AppSec Engineer is responsible for supporting the identification, evaluation, and mitigation of security defects; conducting and maintaining application threat models; assisting with the design and implementation of secure development frameworks; helping to train teams on secure coding practices; and validating security processes throughout the application build, deployment, and operation processes.
Essential Responsibilities (includes, but is not limited to):
Serve as a subject matter expert on application security to help drive security considerations into product design and software development processes.
Assist in creating and maintaining risk assessments and threat models against evolving features in the Pax8 software platform.
Support the development and management of application security testing processes, including automated testing and manual design review processes.
Assist teams in reproducing, triaging, and addressing security vulnerabilities.
Contribute to the development of security standards and best practices, both in the form of written documentation and code-based guardrails.
Participate in maintaining application security tooling and associated process documentation as necessary.
Support security awareness efforts within the software engineering organization by participating in the delivery of security training sessions.
Ideal Skills, Experience, and Competencies:
At least two (2) years of experience in application/product security.
Background in the OWASP Top 10 application security defects, including the ability to identify and remediate such vulnerabilities in different languages.
Experience with modern software languages (we primarily use Kotlin and JavaScript).
Experience developing threat models and leading secure code reviews.
Experience with application security testing processes such as SAST, SCA, and DAST through detection, triage, and remediation.
Knowledge of secure architecture and secure design patterns in a web-based microservices environment.
Background in cloud-based infrastructure and containerized application environments.
Experience with modern workflow management processes such as ticketing systems.
Experience with modern source code management systems and CI/CD platforms.
Ability to execute independently within a small, nimble team.
Required Behaviors:
Compassionate Candour—We aim to assist others with candid, actionable feedback.
Seek to Understand—Be open, curious and committed to learning.
We Before Me—Actively collaborate and seek out diverse perspectives to ensure a win for Team Pax8.
Do What You Say—Take ownership and honor your commitments; prioritize and deliver.
Light Up Learning—Be brave and try new ideas; be vulnerable and share your failures so everyone can learn from our mistakes.
Driven by Passion—Connects personal passion to Pax8 mission, resilient in face of adversity and uncertainty in pursuit of mission.
Required Education & Certifications:
B.A./B.S. in a related field (e.g., Computer Science, Engineering, Cybersecurity) or equivalent work experience
Compensation:
Qualified candidates can expect a compensation range of $137,000/yr to $168,000/yr or more depending on experience.
Expected Closing Date: 7/15/2025
#LI-REMOTE #LI-AG1 #DICE-A