[Remote] Senior Software Engineer – Application & Cloud Security (Remote)

Note: The job is a remote job and is open to candidates in USA. Hypori, Inc. is a high-growth cybersecurity SaaS company transforming how organizations think about secure mobility. They are seeking a Senior Software Engineer specializing in Application Security to enhance the security posture of their products and operational environments by integrating security practices into the software development lifecycle. The role involves mentoring teams, developing security patterns, and leading vulnerability management efforts.

Responsibilities

• Maintain a deep understanding of the security aspects of Hypori's product/system architecture and implementation patterns; collaborate with engineering teams on threat models; participate in design and architecture reviews; and engage across scrum teams to surface and address application security, privacy, and compliance concerns
• Be the go-to AppSec expert for software engineering, security, and compliance teams. Mentor engineers on application security principles, secure design patterns, and secure coding practices; grow security capability and awareness through thought leadership and active engagement
• Develop and maintain software security patterns to enable security/compliance/privacy-by-default engineering, such as: secure coding and configuration standards, code snippets/templates for Infrastructure as Code, hardening of containerized applications, etc
• Lead automation and integration of vulnerability management tooling – including SAST, DAST, and SCA tools – across artifact repositories, container registries, and other components of development and build pipelines
• Perform security-focused code reviews on request, providing targeted guidance on security-sensitive components and implementation decisions
• Triage vulnerability and compliance testing results for technical implications, validate their applicability, determine exposure in a system/component context, and generate user stories for remediation efforts
• Contribute to technical compliance strategies and hardening across cloud infrastructure, development/QA environments, and system components (such as FIPS-validated crypto configurations and network segmentation); implement quality gates and security test suites across development and build pipelines
• Actively contribute to the success of Hypori’s Security Champions program
• Participate in Engineering on-call rotations to provide application security expertise during incident triage and response
• Protect intellectual property, user data, and system integrity by (a) adhering to Hypori's policies and procedures for secure software development and (b) following best practices for secure product design, implementation, and deployment of development, build, test, production, and other environments

Skills

• Must be a US Citizen or US Permanent Resident
• 5+ years of hands-on software engineering experience, with a demonstrated focus on building and securing production systems. Proficient in at least one programming language
• Proficient in understanding and explaining the ins and outs of software vulnerabilities across stacks, their potential impact when exploited, and how to mitigate them
• Proficient in the security management of cloud infrastructure services and container-based deployments
• Proficient in the management of software supply chain security aspects, including the management of software security vulnerabilities in dependencies
• Proficient in secrets management practices and tooling (e.g., HashiCorp Vault, AWS Secrets Manager), including automated secrets scanning in development workflows and CI/CD pipelines
• Proficient in expressing the concepts, practical application, and typical implementation of identity & access management, applied cryptography, network security, and related security domains
• Proficient in API security concepts and their application, authentication and authorization patterns (OAuth 2.0, OIDC), and secure API design principles
• Proficient in concisely articulating both technical risk and the trade-offs of proposed solutions to decision makers and peers
• Experience with modern CI/CD pipelines, scrum-based engineering practices, and the automation, integration, and centralized management of security and compliance tooling across development lifecycles
• Experience in interpreting security and compliance frameworks and standards
• Experience with application security testing tools and techniques, and with demonstrating/validating the exploitability of vulnerabilities
• Experience with AI/LLM-assisted tooling to automate application security tasks, and ability to advise software engineers on the security, compliance, and privacy implications of their use
• Proficient in the application of infrastructure-as-code principles and associated security paradigms
• Familiarity with FedRAMP, NIST SP 800-53, or comparable government compliance frameworks
• Experience working in or supporting a government or defense technology environment

Benefits

• A 10% bonus
• Medical, dental, and vision insurance
• Parental leave
• Life and disability packages
• 401(k) plan with employer-matching contributions that vest starting from your first day of employment
• Performance bonus, which is primarily contingent upon company-wide performance
• Investing in the tools and skills required to be strong, collaborative colleagues and people managers to help build and retain a strong workforce

Company Overview