Application Security Engineer, Secure Development & DevSecOps

Utah | Hybrid

BambooHR

BambooHR makes it easy to simplify HR, with award-winning solutions for everything from hire to retire. Learn more with a free demo today.

Please Note: This is a Utah-based hybrid position which will require some regular in-office days each week. Additionally, employment with BambooHR is contingent on passing both a background and credit check. 

Essential Job Duties

We are expanding our security team and seeking a highly motivated and experienced Application Security Engineer with a strong focus on secure development practices and DevSecOps. In this role, you will be instrumental in embedding security directly into our software development lifecycle, ensuring our applications are secure by design and by default. You will work closely with development teams, championing security automation and driving continuous improvement in our secure coding practices.

You will:

  • Secure Development Lifecycle (SDLC): Collaborate with engineering and product teams to integrate security requirements and best practices throughout the entire SDLC, from design to deployment.
  • Code & Design Reviews: Conduct thorough security reviews of application architecture, design documents, and source code to identify and mitigate potential vulnerabilities.
  • SAST/DAST Automation: Design, implement, and maintain the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into our CI/CD pipelines, along with runtime protection (RASP) for web apps.
  • Vulnerability Management: Develop, automate, and enhance our vulnerability management processes, including triage, prioritization, and tracking of security findings across applications.
  • Developer Enablement: Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
  • Security Tooling: Evaluate, recommend, and implement security tools and technologies to improve our application security posture.
  • Automation and AI: Drive automation initiatives for security tasks, leveraging scripting and orchestration to streamline workflows. 
  • Incident Response: Support security incident response activities related to application vulnerabilities.
  • Continuous Improvement: Stay abreast of emerging security threats, technologies, and best practices, and propose improvements to our application security program.

What You Need to Get the Job Done

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
  • Minimum 3 years of specific, hands-on experience in Application Security.
  • AI and Automation-first mindset. Proficiency in IaC (Terraform, CloudFormation) and CI/CD pipeline security (e.g., GitHub Actions, CircleCI integrations).
  • Proven experience conducting design and code reviews for web applications and APIs.
  • Demonstrable experience deploying, configuring, and maintaining SAST and DAST tools within CI/CD pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, CircleCI).
  • Strong understanding of common web application vulnerabilities (OWASP Top 10) and their exploitation/mitigation.
  • Experience with scripting languages (e.g., Python, Bash) for automation.
  • Familiarity with cloud environments (e.g., AWS, Azure, GCP) and their security considerations.
  • Excellent communication skills, with the ability to effectively articulate complex security concepts to technical and non-technical audiences.
  • Strong problem-solving skills and a proactive approach to security.

What Will Make Us REALLY Love You 

  • Relevant security certifications (e.g., CSSLP, GWEB, GWAPT, OSWA).
  • Experience with container security (Docker, Kubernetes).
  • Familiarity with compliance frameworks relevant to SaaS (e.g., SOC 2, ISO 27001).
  • Experience with bug bounty programs.

What You'll Love About Us

  • Great company culture that has been recognized by multiple organizations, such as Inc. and the Salt Lake Tribune
  • Comprehensive health, life, and disability insurance 
  • Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
  • 401k plans with up to 6% company match
  • $2000 Paid-Paid Vacation bonus
  • EAP through Headspace
  • Check out all our benefits that benefit you 

 

About Us

At BambooHR, we're building something different: we're building a people intelligence platform that transforms HR and sets people free to do great work! We're a proven market leader driving innovation while building lasting success through thoughtful, sustainable growth. Here, you'll find a place that champions growth: both professional and personal, both individual and collective. 

We invest in potential, giving you the space to stretch your capabilities and turn good ideas into reality while providing the safety net of a supportive, values-driven culture. Our approach combines meaningful work with meaningful lives, offering competitive benefits, professional development, and the flexibility to thrive both in and outside the office. 

What sets us apart isn't just what we do, but how we do it: with openness, integrity, and a shared commitment to doing the right thing. Join us in creating HR software that makes work better for everyone, while we make work better for you.

BambooHR is committed to the full inclusion of all qualified individuals and will ensure that persons with disabilities are provided reasonable accommodations throughout the hiring process.  If you would like to request accommodations, please let your recruiter know.

BambooHR is an Equal Opportunity Employer (M/F/D/V).
Because our team members are trusted to handle sensitive information, we require all candidates that receive and accept employment offers to complete a background check before being hired.


Tags: APIs Application security Automation AWS Azure Bash CI/CD CircleCI Cloud Compliance Computer Science CSSLP DAST DevOps DevSecOps Docker GCP GitHub GitLab GWAPT Incident response ISO 27001 Jenkins Kubernetes OWASP Privacy Python SaaS SAST Scripting SDLC SOC SOC 2 Terraform Vulnerabilities Vulnerability management

Perks/benefits: 401(k) matching Career development Flex vacation Health care Insurance Parental leave Salary bonus Team events

Region: North America
Country: United States
