Senior Application Security Engineer

7 days ago


Boston, United States CloudZero Full time

About the Role:
CloudZero is seeking our first Senior Application Security Engineer. In this pivotal role, you will shape the security framework of our market-leading cloud cost intelligence platform, addressing some of the most critical challenges cloud-driven businesses face today. You will establish and champion best-in-class security practices, ensuring our platform remains resilient and our customers’ sensitive data is always safeguarded.
Collaborating closely with our engineering teams, you will design and implement secure development processes, identify and address vulnerabilities, and foster a security-first mindset throughout our product lifecycle. This is a unique opportunity to make a foundational impact on the security of an innovative, fast-growing company by building scalable, proactive solutions that protect both our platform and the customers who trust us.

Responsibilities:

  • Develop and Lead Security Programs:
    • Build and lead our application security program, aligning security initiatives with business and engineering priorities.
    • Champion and drive a Security Champions Program to empower developers and cultivate a security-first culture across the organization.
  • Integrate Security into Development:
    • Promote and implement processes that make security a shared responsibility, integrating it seamlessly into our development lifecycle.
    • Equip developers with the tools and guidance to make secure choices easy, scalable, and effective.
  • Collaborate Across Teams:
    • Partner with Engineering and the broader Security organization to embed security into development and deployment processes.
    • Work closely with Engineering and SecOps teams to secure our AWS-based infrastructure, ensuring adherence to best practices for identity management, logging, and secure configurations.
    • Collaborate with Security and Operations teams to align on broader security initiatives and enhance overall resilience.
  • Security Assessments and Risk Mitigation:
    • Conduct security assessments, code reviews, threat modeling, and penetration testing to identify and mitigate risks early.
    • Manage and optimize application security tooling, including static (SAST) and dynamic (DAST) analysis tools and CI/CD integrations.
  • Automation and Innovation:
    • Explore and implement security automation to improve efficiency and coverage, utilizing your Python expertise to build scalable tools and workflows.
    • Stay ahead of emerging threats, trends, and technologies to keep our applications, APIs, and cloud environments secure.
  • Incident Response:
    • Participate in our incident response team on-call rotation to address and resolve security incidents promptly.

Requirements

  • 3-5+ years of Python experience.
  • 3-5+ years of AWS, GCP, and Azure experience.
  • Strong foundation in application security.
  • Proven expertise with application security testing tools, such as Burp Suite.
  • Strong understanding of OWASP Top 10.
  • Experience conducting penetration tests, including manual testing, to uncover business logic flaws, API vulnerabilities, and complex attack vectors.
  • Familiarity with SCA tools (e.g., Snyk, Dependency-Check) to manage open-source security risks.
  • Hands-on experience securing AWS environments, including services like Lambda, IAM, GuardDuty, Security Hub, and WAF.
  • Knowledge and experience securing CI/CD pipelines.
  • Strong understanding of secure coding practices, vulnerability management, and compliance frameworks (e.g., SOC 2, ISO 27001).
  • Familiarity with threat modeling frameworks and experience applying them to real-world applications.
  • Exceptional communication skills, with the ability to explain technical concepts to developers, executives, and non-technical stakeholders.
  • A proactive mindset with a passion for enabling developers to adopt secure practices without friction.
  • Ability to participate in our incident response team on-call rotation.

About CloudZero
Cloud cost management is one of the biggest challenges organizations face today. As cloud adoption continues to accelerate, so do the complexities and costs associated with it — and macroeconomic conditions only increase pressure to prove cloud efficiency. That’s why we built CloudZero: a SaaS platform at the intersection of next-generation cloud cost management and FinOps. CloudZero ingests billing and usage data from all cloud, SaaS, and PaaS providers, organizes it in real time according to our customers’ business structures, lets customers view it at any level of time or resource granularity, and ultimately empowers them to make more informed business decisions.

Since our founding in 2016, our mission has been to make efficient innovation a reality for every cloud-driven organization. At CloudZero, we believe every engineering decision is a buying decision, yet the cost conversation often bypasses the engineers who drive those determinations. To solve this, we’ve built a dynamic, single-page application that answers the complex, data-heavy questions every cloud-based organization needs to ask if they want to grow their company profitably.

To date, we’ve raised over $52 million from leading venture capital firms across the country. We’re solving problems of massive scale, business importance, and complexity in a space that needs it more than ever. We’re growing rapidly and would love for you to be a part of it.

Equal Opportunity Employer

CloudZero is an equal opportunity employer and values diversity. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status or disability status. All job offers are contingent upon the candidate passing background and reference checks.


**Applicants must be authorized to work for ANY employer in the United States. We are unable to sponsor or take over sponsorship of an employment Visa at this time.**


