Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams.
Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions).
Partner with developers on new features and systems to identify risks early in the lifecycle.
Implement best practices for secrets handling, API authentication/authorization, and data protection.
Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster.
Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution.
Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements.
Implement monitoring, alerting, and remediation for security incidents across our platform.
Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others.

6+ years in security engineering, DevSecOps, or related roles, including experience at scale.
Excellent communication and teamwork abilities.
Strong experience integrating security into modern SDLC pipelines.
Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.).
Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation).
Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries.
Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity.
Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF).
Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies).
Hands-on with Terraform, Helm, and GitOps practices.

Canary Days: As a company we want to ensure that the team has time to recharge. Each month we provide company wide days off to ensure there is at least one extended weekend or day off.
Self Improvement Club: We meet each month and share our personal goals for the month. Each individual is provided a budget towards any purchases that help us achieve these goals.
Professional Development Chats: We provide budget to help drive cross functional professional development conversations across the organization.
Travel Reimbursement: Team members are able to visit our offices across New York, San Francisco or Dallas when they choose, and are provided a travel stipend for doing so. Spend time working with the team in their office, and use the rest of your time exploring a new city!
Personal Travel Reimbursement: If you stay at a hotel that Canary works with, we provide a credit towards your stay.

Remote (Worldwide)

Canary Technologies is an equal opportunity employer. We recruit, employ, train, compensate and promote talent regardless of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information or any other protected characteristic. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

Canary Technologies Corp is hiring a Senior Application Security Engineer