Sardine is hiring a Senior Application Security Engineer. You will play a critical role in ensuring the security and integrity of our services as a key security partner for our development teams, embedding security principles directly into the Software Development Lifecycle.
What You'll Do
- Perform security code reviews, vulnerability assessments, and penetration tests on our web applications, mobile applications, and APIs.
- Integrate and manage security tools within our CI/CD pipelines, including SAST, DAST, and SCA.
- Lead and conduct threat modeling exercises for new features and services to identify potential security risks in the design phase.
- Triage, validate, and prioritize vulnerabilities discovered through automated tools, manual testing, and external bug bounty programs.
- Collaborate with engineering and product teams to design secure solutions and provide expert guidance on remediation strategies.
- Develop and maintain security standards, best practices, and documentation for our development teams.
- Manage security training to educate developers on secure coding practices and emerging threats.
- Develop custom scripts and automation to enhance our security testing capabilities and streamline security operations.
- Assist in incident response activities related to application security events.
What We're Looking For
- 7+ years of professional experience in an application security, product security, or offensive security role.
- Deep understanding of common application vulnerabilities, such as those in the OWASP Top 10, and their mitigation techniques.
- Strong proficiency in reading and auditing code in at least one of: Python, Go, or JavaScript/TypeScript.
- Hands-on experience with security tools for SAST, DAST, IAST, and SCA.
- Solid understanding of security principles for cloud environments (GCP & AWS) and containerized services (Docker, Kubernetes).
- Proven experience integrating security into various stages of the SDLC.
- Strong analytical, problem-solving, and incident response skills.
- Excellent communication and interpersonal skills, with the ability to effectively interact with technical and non-technical stakeholders.
Technical Stack
- Languages: Python, Go, JavaScript, TypeScript
- Cloud: GCP, AWS
- Containers: Docker, Kubernetes
Team & Environment
You will be a key security partner for our development teams, working embedded within the SDLC.
Benefits & Compensation
- Compensation: $175,000 - $215,000 CAD + equity (Series C equity with tremendous upside potential)
- Generous compensation in cash and equity
- Early exercise for all options, including pre-vested
- Work from anywhere: remote-first culture
- Flexible paid time off, year-end break, self-care days off
- Health insurance, dental, and vision coverage for employees and dependents (US and Canada specific)
- 4% matching in 401k / RRSP (US and Canada specific)
- MacBook Pro delivered to your door
- One-time stipend to set up a home office
- Monthly meal stipend
- Monthly social meet-up stipend
- Annual health and wellness stipend
- Annual learning stipend
- Unlimited access to expert financial advisory services
Work Mode
We are a remote-first company with a global team. This position is open to candidates in Canada. We hire talented, self-motivated individuals with extreme ownership and high growth orientation. We value performance and not hours worked.


