Skip to main content

Arcadia

Application Security Engineer

United StatesmidAdded 2 days ago

About this role

Arcadia seeks an Application Security Engineer to lead vulnerability management and security automation for a 300+ person engineering team. You'll own the full lifecycle of security findings across SAST/DAST/SCA tools, integrate security into CI/CD pipelines, and build a Security Champions program to embed security practices across development teams.

What you'll do

  • Manage end-to-end vulnerability lifecycle including triage, prioritization, and remediation coordination with engineering teams
  • Maintain and optimize security tool integrations within CI/CD pipelines with focus on automation
  • Launch and operate a Security Champions program with workshops and office hours across geographies
  • Serve as application security subject matter expert during incidents and provide root cause analysis
  • Conduct threat modeling and lead design review processes to embed security earlier in the development lifecycle

What they're looking for

  • Application security (3-5 years in SaaS/cloud-native)
  • SAST, DAST, SCA, or CSPM tooling (Snyk, Checkmarx, Semgrep, Wiz)
  • CI/CD pipeline integration (GitHub Actions, Jenkins, GitLab CI)
  • Container security (Docker, Kubernetes)
  • API security (REST, GraphQL)
  • Technical risk communication to non-security stakeholders
  • Threat modeling frameworks (STRIDE, PASTA)
  • AWS cloud security services (GuardDuty, Security Hub)

Benefits

  • Remote-first culture with flexibility to work anywhere in the US
  • Unlimited PTO with no accrual
  • 12 annual holidays plus 10 sick days
  • 12 weeks paid parental leave for all parents
  • 75-95% employer coverage for medical, dental, and vision
  • Professional development and volunteer time off
Apply on the employer's site

Opens the official application on the employer’s site. No login required.