Companies you'll love to work for

Job Description

The Application Security Engineer is responsible for supporting the security and privacy of the SmartRent platform through the management of information security risk, system resilience, and compliance activities. This role uses cloud-native and third-party security tools to protect company assets and data across multiple platforms.

This role partners with engineering, development, and external stakeholders to implement and maintain security policies, processes, and standards, including secure software development lifecycle (SDLC) practices. Success in this role requires strong communication skills, the ability to coordinate across multiple technical teams, and the ability to support consistent security practices across the organization.

Responsibilities

• Develop and execute a comprehensive application security strategy aligned with business objectives and industry standards.
• Maintain and advise on secure coding standards, security documentation, and application security processes.
• Deliver application security and privacy training for development teams.
• Review source code to identify security vulnerabilities, insecure patterns, secrets exposure, and risks associated with AI-generated code.
• Triage, reproduce, and support remediation of application vulnerabilities (e.g., SQL injection, XSS, access control weaknesses) identified through automated tools (SAST, DAST, SCA) or manual analysis.
• Manage application security workflows, including task prioritization, ticket tracking, and coordination with development and DevOps teams.
• Maintain and enhance SmartRent’s responsible disclosure and vulnerability reporting program.
• Partner with developers to implement encryption, hashing, and secure key management practices.
• Collaborate with developers and engineering teams to perform threat modeling, identify attack paths, and assess weaknesses.
• Lead the investigation and mitigation of application-level security incidents, collaborating with the SOC and engineering teams to ensure rapid remediation and stakeholder communication.
• Provide guidance on security and privacy controls for cloud infrastructure (AWS), application development, and IoT hardware.
• Conduct regular application risk assessments to identify vulnerabilities and emerging threats.
• Research emerging cybersecurity risks and recommend mitigation strategies as appropriate.
• Perform adversarial testing and security validation of applications, including internal AI models and services.
• Use cloud-native security tools to identify and secure large language model (LLM) integrations and implement appropriate security guardrails.

Required Qualifications

• 4–6 years of experience in application security, including development and maintenance of security policies and collaboration with engineering and release teams.
• Experience identifying and remediating application vulnerabilities across modern programming languages, including Elixir, JavaScript, Ruby, Python, or similar languages.
• Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including JWT and OAuth.
• Hands-on experience with application security tools, including SAST, DAST, and SCA platforms (e.g., GHAS, Burp Suite, Fortra, or similar tools).
• Experience working with cloud security controls, including AWS-native tools, web application firewalls (WAF), or similar technologies.
• Experience managing or supporting vulnerability disclosure or bug bounty programs.
• Strong written and verbal communication skills, with the ability to clearly communicate security requirements to technical teams.
• Demonstrated problem-solving and analytical skills in identifying and mitigating application security risks.

Preferred Qualifications

• Industry certifications such as CSSLP, GIAC GWAPT, CEH, or equivalent security certifications.
• Experience working with CloudFlare, AWS security services, or similar cloud-native security tools.
• Experience integrating security practices into SDLC processes.
• Experience supporting threat modeling or application security architecture reviews.