Senior Application Security Engineer

About the Engineering Organization:

The Engineering Team at Loop thrives on a balance of agility, consistency, and performance. These pillars empower us to deliver impactful value to our customers consistently. Our deep customer understanding fuels our engineering teams to be industry leaders, bringing innovative ideas to market.

About the Role:

As a Senior Application Security Engineer at Loop, your primary responsibility will be to ensure the security and integrity of our systems and data. You will collaborate on security projects, identify and communicate potential risks, and implement effective security measures.

You will maintain a secure environment by proactively monitoring and remediating vulnerabilities, responding to security incidents, and conducting regular security audits. Additionally, you will participate in engineering activities, share your expertise, and mentor team members on security best practices.

You will also advocate for security within the organization, promote a culture of security awareness, and seek continuous improvements to our security posture.

Our Blended Work Environment:

Loop offers flexibility through our Blended Working Environment. You can work from our HQ in Columbus, Ohio, join a Hub with 4+ team members, or work fully remote. Our team spans the US, parts of Canada (Ontario & British Columbia), and the UK, allowing you to choose a work environment that suits your lifestyle.

Our Tech Stack:

While core technologies are used across teams, the specific stack varies. You might encounter Vue.js, Node.js, PHP/Laravel, MySQL, DynamoDB, Docker, Kubernetes, AWS Cloud, Gitlab, and Serverless Framework. The security tools include Vanta, Sysdig, Cloudflare, and other vulnerability scanning solutions.

What you’ll do:

1. Participate in security projects, ensuring secure, well-documented work. Support SOC2 compliance and Pen Testing initiatives.
2. Secure networks, applications, infrastructure, and data. Provide technical guidance and identify automation opportunities.
3. Use monitoring and vulnerability scanning tools to identify security issues, remediate or escalate as needed.
4. Learn the team’s tech stack and security tools quickly. Manage security projects independently, meet deadlines, and explore automation.
5. Build relationships with engineers, provide security feedback, and lead security discussions.
6. Prioritize security issues based on risk assessments.
7. Own and manage security incident response.

Your experience:

1. At least 7 years' experience in application development or DevOps and security engineering.
2. Strong knowledge of common application security vulnerabilities (e.g., OWASP Top 10, SANS Top 25).
3. Experience with security testing, including code review, SAST, DAST, and vulnerability scanning.
4. Experience integrating security into all software development phases, including “Shift Left” security.
5. Familiarity with SIEM, WAF, Risk Management Platforms, SAST/DAST, or similar tools.
6. Deep understanding of cloud security, especially AWS security services and architectures.
7. Proficiency in at least one scripting language (e.g., Python, Bash) for automating security tasks.
8. Skill in identifying, evaluating, and monitoring security vulnerabilities.
9. Proven experience handling security incidents from detection to remediation.
10. Excellent communication skills to explain security concepts to various audiences and collaborate across teams.
11. Ability to analyze security issues, identify root causes, and recommend solutions.

We offer a salary range of $141,600 - $212,400 annually, based on experience, location, and other factors. Benefits include medical, dental, vision insurance, flexible PTO, holidays, sick & safe leave, parental leave, 401k, wellness benefits, workstation support, phone/internet stipends, and equity.