What are the responsibilities and job description for the Senior Application Security Engineer position at Andiamo?
About The Role
Lead the strategy and execution of application security across a fast-moving engineering organization. You will embed security into the SDLC, build guardrails and tooling, and partner with product and platform teams to ship secure software at scale.
What You’ll Do
Talent Partners for the AI Revolution. As a globally recognized staffing and consulting firm, we specialize in placing the top 2% of technology and go-to-market professionals with the world’s largest and most well-known companies.
For over 20 years, we've maintained the status of tier-one vendor for firms such as Palantir, Amazon, Fluidstack, Bloomberg, Relativity Space, Firefly, MasterCard, Visa, Two Sigma, Citadel, as well as other major financial services firms, elite hedge funds, Google-backed tech start-ups, and major software firms.
Our talent solutions include Permanent Placement, Contract Staffing, Executive Search, and Dedicated Recruiting Services (RPO). Find out more at www.andiamogo.com
Lead the strategy and execution of application security across a fast-moving engineering organization. You will embed security into the SDLC, build guardrails and tooling, and partner with product and platform teams to ship secure software at scale.
What You’ll Do
- Own AppSec roadmap: threat modeling, secure design reviews, and risk assessments for new features.
- Operationalize security tooling (SAST/DAST/SCA/IAST, secret scanning, container scanning) and CI/CD gates.
- Build developer-first guardrails: secure coding standards, reusable libraries, reference architectures.
- Drive remediation at scale via auto-fixes, query packs, and actionable AppSec dashboards.
- Partner on cloud and runtime security (Kubernetes, service mesh, identity, least privilege, policies).
- Lead incident response for application-layer vulnerabilities and coordinate with IR/ProdSec teams.
- Run training and gamified exercises; measure maturity with clear KPIs and risk reduction targets.
- 5 years in AppSec or Security Engineering; strong software background (Python/Go/Java/JS).
- Hands-on with OWASP Top 10, cloud-native security, OAuth/OIDC, and modern auth patterns.
- Deep knowledge of CI/CD security, SBOMs, supply chain (Sigstore, attestations), and IaC scanning.
- Experience with container/Kubernetes hardening and policy engines (OPA/Gatekeeper).
- Excellent communication; ability to influence and coach engineering teams.
- Threat modeling frameworks (STRIDE, LINDDUN) and adversary simulation experience.
- Compliance mapping (SOC 2, ISO 27001) without slowing delivery.
Talent Partners for the AI Revolution. As a globally recognized staffing and consulting firm, we specialize in placing the top 2% of technology and go-to-market professionals with the world’s largest and most well-known companies.
For over 20 years, we've maintained the status of tier-one vendor for firms such as Palantir, Amazon, Fluidstack, Bloomberg, Relativity Space, Firefly, MasterCard, Visa, Two Sigma, Citadel, as well as other major financial services firms, elite hedge funds, Google-backed tech start-ups, and major software firms.
Our talent solutions include Permanent Placement, Contract Staffing, Executive Search, and Dedicated Recruiting Services (RPO). Find out more at www.andiamogo.com