Arcadia
Application Security Engineer
United StatesmidAdded 2 days ago
About this role
Arcadia seeks an Application Security Engineer to lead vulnerability management and security automation for a 300+ person engineering team. You'll own the full lifecycle of security findings across SAST/DAST/SCA tools, integrate security into CI/CD pipelines, and build a Security Champions program to embed security practices across development teams.
What you'll do
- Manage end-to-end vulnerability lifecycle including triage, prioritization, and remediation coordination with engineering teams
- Maintain and optimize security tool integrations within CI/CD pipelines with focus on automation
- Launch and operate a Security Champions program with workshops and office hours across geographies
- Serve as application security subject matter expert during incidents and provide root cause analysis
- Conduct threat modeling and lead design review processes to embed security earlier in the development lifecycle
What they're looking for
- Application security (3-5 years in SaaS/cloud-native)
- SAST, DAST, SCA, or CSPM tooling (Snyk, Checkmarx, Semgrep, Wiz)
- CI/CD pipeline integration (GitHub Actions, Jenkins, GitLab CI)
- Container security (Docker, Kubernetes)
- API security (REST, GraphQL)
- Technical risk communication to non-security stakeholders
- Threat modeling frameworks (STRIDE, PASTA)
- AWS cloud security services (GuardDuty, Security Hub)
Benefits
- Remote-first culture with flexibility to work anywhere in the US
- Unlimited PTO with no accrual
- 12 annual holidays plus 10 sick days
- 12 weeks paid parental leave for all parents
- 75-95% employer coverage for medical, dental, and vision
- Professional development and volunteer time off
Opens the official application on the employer’s site. No login required.