Senior Application Security Engineer Hybrid - US
Energy Solutions
Location not specified
Full Time
Posted October 20, 2025
$119k - $147k
Job Description
A Senior Application Security Engineer responsible for managing security and risk for internal applications at a primarily remote company, including implementing security controls, conducting code reviews, threat modeling, and ensuring compliance with security standards.
Key Responsibilities
- Manage security and risk for internal applications by contributing to security roadmap, prioritizing risks, and sequencing work.
- Review and approve security-related code changes, conduct pull request reviews, and guide refactors focused on security.
- Perform static application security testing (SAST), triage findings, and drive remediation efforts with development owners.
- Develop reference security implementations in Django Python, including authentication, input validation, secrets handling, and access controls.
- Translate SOC 2 and NIST security requirements into technical stories, controls, and automated evidence within CI/CD pipelines.
- Design and document secure architecture patterns, threat models, and security standards for application development.
- Oversee security tasks throughout the Software Development Life Cycle (SDLC) to ensure compliance and security best practices.
- Collaborate with developers, security teams, and business stakeholders to ensure security requirements are integrated into projects.
Requirements
- Minimum of 5 years of application security experience.
- Hands-on Django (Python) implementation experience with a clear application-security focus, including production experience and measurable impact, not just theory.
- Engineering background in software engineering or DevOps/SRE, with the ability to read and modify code, review pull requests, and build proofs of concept (PoCs).
- Experience with GitHub security, including reviewing static code scans, triaging findings, eliminating noise, and driving remediation with owners.
- Experience embedding secure Software Development Life Cycle (SDLC) into Git-based workflows and CI/CD pipelines, including pre-commit hooks, pipeline gates, and policy-as-code.
- Practical knowledge of SOC 2 and familiarity with NIST 800-53, with the ability to translate requirements into technical tasks and evidence.
- Ability to operate across the code, application, and DevOps layers, including containers, Infrastructure as Code (IaC) basics, secrets management, logging, and monitoring.
- Clear, persuasive verbal and written communication skills and the ability to prioritize tasks effectively.
- Excellent time management skills with a proven ability to meet deadlines.
- Excellent interpersonal and negotiation skills.
- Ability to read, review, and make recommendations on secure Django Python patterns.
- Ability to contribute to the application security roadmap, prioritize risks, and sequence work across codebases, application layer, and DevOps.
- Ability to consult with engineers, communicate requirements, create actionable tickets, acceptance criteria, and drive adoption.
- Experience conducting pull request reviews focused on security, providing guidance on refactors, and approving or denying with clear rationale.
- Experience serving as a steward for Static Application Security Testing (SAST) scanning, reviewing static code scan results, triaging findings, and driving remediation.
- Experience building reference implementations in Django Python, such as authentication patterns, input validation, secrets handling, rate limiting, and geo-based access controls.
- Experience mapping SOC 2 and NIST 800-53 requirements to engineering work, translating requirements into stories, controls, and automated evidence in CI/CD.
- Experience with security architecture, including navigating existing libraries and architectures and documenting secure patterns in Architecture Decision Records (ADRs) and Requests for Comments (RFCs).
- Experience overseeing security-related tasks in the Software Development Life Cycle (SDLC) to ensure compliance.
- Collaborating with software developers and code base leads, and acting as a liaison between technical requirements from security, privacy, compliance, and development teams.
- Reviewing architecture and code changes for security impact and ensuring compliance with all company security policies and standards.
- Managing and maintaining all security-related tickets, including recommendations, testing, and validation.
Benefits & Perks
Salary range of $119,100 - $147,400 USD annually, with a target compensation of $119,000 - $131,600 USD based on experience
Generous retirement package
Medical, dental, and vision insurance
Pre-tax contribution plans
Employee Stock Ownership Plan (ESOP)