Security Engineer

HOLLISTER INC
Boston, United States of America
24 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 160K

Job location

Boston, United States of America

Tech stack

Java
JavaScript
API
Artificial Intelligence
Software System Penetration Testing
C Sharp (Programming Language)
Software as a Service
Code Review
Computer Security
Cursor (Graphical User Interface Elements)
Programming Tools
Python
Open Web Application Security
PCI Data Security Standards
Systems Development Life Cycle
Secure Coding
Software Engineering
Systems Architecture
Web Applications
Cloud Platform System
GitHub Copilot
Software Security
Infrastructure as Code (IaC)
GWAPT
Information Technology
GPT
Devsecops
Static Application Security Testing
Microservices
Dynamic Application Security Testing

Job description

As an Application Security Engineer, you will lead initiatives to strengthen the firm's application security program, working closely with development, risk, compliance, and audit teams to ensure robust, resilient, and secure software solutions. This role offers a unique opportunity to influence security standards within a reputable, growth-oriented private markets environment, with a hybrid work model that promotes flexibility and work-life balance., * Evaluate applications, SDLC processes, and system architecture to identify risks and security gaps.

  • Define standards, guardrails, and best practices for secure coding, especially around emerging AI-powered development tools.
  • Lead secure code reviews, threat modeling, and conduct application security testing (SAST, DAST, SCA).
  • Detect, analyze, and assist in the remediation of vulnerabilities within web applications and APIs.
  • Collaborate with engineering teams to embed security into CI/CD pipelines and DevSecOps practices.
  • Support security audits, regulatory inspections, penetration testing, and incident response activities.
  • Monitor third-party SaaS tools, ensuring secure configurations and access controls align with corporate standards.
  • Develop security metrics and reporting to measure the effectiveness of security initiatives.
  • Educate and empower developers through secure coding guidance, training, and tooling.

Requirements

  • Demonstrated expertise in application security principles and familiarity with OWASP Top 10 risks.
  • Proven experience securing web apps, APIs, and microservices, ideally within financial services.
  • Hands-on experience with AI-assisted coding tools such as Cursor, GitHub Copilot, or ChatGPT Codex, including understanding associated security risks.
  • Proficiency in code review across languages like Java, Python, C#, or JavaScript.
  • Strong knowledge of cloud environments, containers, Infrastructure as Code (IaC), and modern DevSecOps tooling.
  • Excellent communication skills, with the ability to convey technical risk to diverse stakeholders.
  • Bachelor's degree in Computer Science, Information Security, or a related discipline.
  • Professional security certifications such as CISSP, CSSLP, OSCP, or GWAPT are a plus.
  • 3-5 years of experience in application security or secure software development.
  • Experience working within regulated environments such as finance, banking, or fintech, with familiarity in relevant compliance frameworks (e.g., SOC 2, SOX, PCI DSS, GDPR).

Our Commitment to Inclusion & Belonging

Benefits & conditions

$140,000 - $160,000 annually

Apply for this position