Jobs · himalayas
Senior Security Engineer, Product AppSec
Brightpath Technologies · United States · Posted 15d ago
About the role
Advance application security practices and vulnerability management across software delivery environments.
Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. About the Role We're looking for a Senior Product Security Engineer to advance the integration and operational maturity of enterprise application security tooling and vulnerability management across a modern software delivery environment. You'll serve as a senior technical contributor responsible for embedding security into the SDLC, improving developer security enablement, and driving scalable vulnerability management programs across cloud-native, enterprise, and AI-enabled products. This role works closely with Engineering, DevOps, Platform Engineering, Security Operations, and Compliance teams to improve visibility, automation, governance, and remediation workflows at scale. Due to the fact that this position will deal with highly sensitive data and will support federal customers, we are only considering US citizens at this time. Security clearance is not required, but there is a slight chance it maybe requested in the future What You’ll Do Evaluate, deploy, integrate, and optimize security tooling — including SAST, DAST, SCA, IAST, container scanning, SBOM generation, secrets detection, and API security testing — across CI/CD pipelines and developer workflows Build automated workflows for vulnerability ingestion, prioritization, remediation tracking, and reporting, integrating with platforms such as GitHub Actions, Azure DevOps, Jenkins, Jira, and SIEM tools Drive enterprise vulnerability management initiatives, including prioritization frameworks, SLA tracking, remediation velocity improvements, and security posture dashboards Embed security-by-design principles into the SDLC, developing security guardrails and policy-as-code capabilities for cloud and application environments Partner with DevOps and CI/CD teams to improve automated security validation, release governance, and software supply chain security Serve as a senior technical advisor on application security, influencing engineering and product roadmaps to improve platform security and operational resilience Mentor engineers and security practitioners on secure development and DevSecOps best practices Technologies You’ll Work With CI/CD platforms: GitHub Actions, Azure DevOps, Jenkins, GitLab CI Security tooling: SAST, DAST, SCA, IAST, CSPM tools, container scanning platforms Cloud providers: Azure (primary), AWS, or GCP IaC and containerization: Terraform, Kubernetes, Docker Supply chain security: SLSA, Sigstore, SBOM tooling Scripting and automation: Python, Bash, PowerShell What You’ll Bring 8+ years of experience in Application Security, Product Security, DevSecOps, or Security Engineering 3+ years of hands-on experience with SAST, DAST, SCA, and IAST tooling integrated into CI/CD pipelines 3+ years in vulnerability management, including triage, risk scoring, and remediation coordination across engineering teams Strong experience with Secure SDLC, threat modeling, and software supply chain security Experience building API integrations and workflow automation across security platforms Bachelor's degree in Computer Science, Engineering, or equivalent experience Bonus Skills Experience in regulated or compliance-driven environments, including policy-as-code and OPA/Gatekeeper Familiarity with AI/ML security risks and emerging AI application security practices Demonstrated experience leading cross-functional security initiatives and influencing without direct authority Relevant certifications such as CISSP, CISM, CSSLP, or cloud security certifications What you'll get Unlimited paid time off, 12 paid holidays including 4 global VeeaMe Days for self-care and 24 paid volunteer hours annually through Veeam Cares Paid parental leave: 8 weeks for all parents, 16 weeks for birthing parents Medical, dental, and vision coverage starting on your first day Mental health support, therapy sessions, and digital wellness tools via our Employee Assistance Program 401(k) retirement plan with company matching contributions Fertility, adoption, and surrogacy support through Maven, plus paid volunteer time AirVet: 24/7 virtual veterinary care at no cost Legal services, identity protection, and supplemental health insurance options Tax-advantaged spending accounts for healthcare, dependent care, and commuting Opportunities to learn and grow through on-demand libraries (LinkedIn Learning, O’Reilly), mentoring, workshops, and le
Read the full posting on himalayas →
FAQ
Is the Senior Security Engineer, Product AppSec role at Brightpath Technologies remote?+
This Senior Security Engineer, Product AppSec position is listed as remote (United States).
What is the salary for the Senior Security Engineer, Product AppSec role at Brightpath Technologies?+
The listing states Estimated 100k-231k USD.
What seniority level is this Senior Security Engineer, Product AppSec role?+
This is a senior level position.
How do I apply for the Senior Security Engineer, Product AppSec role at Brightpath Technologies?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Brightpath Technologies.