Senior Application Security Engineer

Limble, United States
Remote
AI Summary

Limble is hiring a Senior Application Security Engineer to lead and scale our application security program. This is a senior, high-ownership leadership role requiring deep hands-on technical ability and strong cross-team influence. You'll partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction.

Key Highlights

  • Lead and scale the application security program
  • Partner with Engineering and Product to embed secure-by-design practices
  • Improve CI/CD security automation and drive measurable risk reduction

Key Responsibilities

  • Own the application security program at Limble
  • Perform hands-on security work including threat modeling and secure design reviews
  • Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
  • Define and maintain application security standards
  • Propose improvements and help operationalize security tooling within CI/CD pipelines
  • Define the strategy for security testing across SAST, SCA, DAST, and SBOM
  • Leverage automation and AI-assisted techniques to improve vulnerability discovery and reduce false positives
  • Support secure architecture for web applications and APIs
  • Drive secure coding enablement through OWASP training and secure coding best practices
  • Partner with and help scale the Security Champions program to coordinate security improvements and incident response
  • Track and communicate application security program progress using clear metrics and reporting
  • Facilitate Limble's Responsible Disclosure program

Technical Skills Required

AI-assisted application security testing and automation, AppSec expertise, Secure coding practices, OWASP Top 10, NIST 800-218 (SSDF), APIs, Auth, Session management, Data protection, Microservices, Threat modeling, STRIDE w/ DREAD, Engineering workflows, Jira, GitHub, Wiz, Cursor, Claude

Benefits & Perks

  • Fully remote position
  • Flexible PTO
  • 13 paid company holidays
  • Paid parental leave
  • Health, Dental, and Vision insurance
  • Employer paid Basic Life insurance and Short-Term Disability insurance
  • Company contribution match for HSA and 401(k)
  • Flexible Spending Accounts
  • Monthly employee wellness stipend
  • Pet insurance

Job Description


About the Role:


Limble is hiring a Senior Application Security Engineer to lead and scale our application security program for a modern SaaS computerized maintenance management (“CMMS”) platform. This is a senior, high-ownership leadership role requiring deep hands-on technical ability and strong cross-team influence.

You’ll partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction. Success requires someone who is collaborative and trusted by engineers. You must be able to build relationships, coach effectively, and drive security outcomes without slowing delivery.


Responsibilities

  • You own the application security program at Limble. You set the direction, build the relationships, and own the outcomes (strategy and roadmap).
  • Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
  • Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
  • Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
  • Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz.
  • Define the strategy for security testing across SAST, SCA, DAST, and SBOM. This includes selecting tools, guiding implementation with engineering, and ensuring signal quality over coverage theater.
  • Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
  • Support secure architecture for web applications and APIs
  • Drive secure coding enablement through:
      • OWASP training
      • Secure coding best practices
      • Targeted coaching based on real issues found in the codebase
  • Partner with and help scale the Security Champions program to coordinate security improvements and incident response
  • Track and communicate application security program progress using clear metrics and reporting
  • Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

What Success Looks Like (First 90 Days)

  • Assess current application security posture, secure SDLC integration, and highest-risk areas
  • Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
  • Improve CI/CD security coverage while reducing noise and improving signal quality
  • Establish repeatable processes for:
      • Threat modeling
      • Secure design reviews
      • Vulnerability triage and remediation workflows
  • Build strong, trusted relationships with product and engineering teams and Security Champions
  • Define and begin tracking key application security KPIs and program metrics

Technical Skills & Tooling

  • AI-assisted application security testing and automation: ability to use tools such as Claude and Cursor to scale and automate security activities, including identifying vulnerabilities, generating test cases, and developing proof-of-concept exploits to validate findings.
  • Familiarity with common AppSec tooling across SAST, SCA, and DAST. You've used these, not just configured them. You’re credible enough to find something an engineer missed and trusted enough that they thank you for it.
  • AppSec expertise:
      • Secure coding practices
      • Security frameworks: NIST 800-218 (SSDF), OWASP
      • APIs, auth, session management, data protection, microservices
      • Threat modeling: STRIDE w/ DREAD or alternatives
      • Engineering workflows: Jira or similar systems
  • Familiarity with AI-assisted development tools (e.g., Cursor, Claude) and ability to apply appropriate security guardrails
  • Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation)

Qualifications

  • 5–8+ years in application security, product security, or security-focused software engineering
  • Comfortable reading and writing code. You can review a PR and find the bug, not just run a scanner on it.
  • Strong depth in web and API security, including modern auth patterns and attack techniques
  • Experience securing cloud-native SaaS platforms and microservices architectures
  • Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
  • Proven ability to influence engineering teams through trust, clarity, and practical solutions

Key Traits for This Role

  • Relationship-driven and able to build credibility quickly with engineers
  • Strong communicator who can translate risk into actionable engineering work
  • Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy
  • Comfortable taking ownership and driving initiatives end-to-end

Benefits

    • Fully remote position
    • Flexible PTO
    • 13 paid company holidays
    • Paid parental leave
    • Health, Dental, and Vision insurance
    • Employer paid Basic Life insurance and Short-Term Disability insurance
    • Company contribution match for HSA and 401(k)
    • Flexible Spending Accounts
    • Monthly employee wellness stipend
    • Opportunities for Learning and Development Reimbursement
    • Pet insurance
