Senior Application Security Engineer

Limble

Full-time Remote
Colombia
Competitive
Security Engineer Application Security

Job Description

About Limble

At Limble we empower the unsung heroes who support the world. We’re revolutionizing the way businesses manage their maintenance operations by providing a comprehensive suite of software solutions that empower organizations to optimize asset performance and drive operational excellence. From preventive maintenance to inventory management and beyond, our robust CMMS platform offers a suite of features designed to streamline operations and enhance productivity.

About the Role

Limble is hiring a Senior Application Security Engineer to lead and scale our application security program for a modern SaaS computerized maintenance management (“CMMS”) platform. This is a senior, high-ownership role requiring deep hands-on technical ability and strong cross-team influence.

You’ll partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction. Success requires someone who is extroverted, collaborative, and trusted by engineers. You must be able to build relationships, coach effectively, and drive security outcomes without slowing delivery.

Responsibilities

- Own and lead Limble’s application security program. Working closely with the Head of Information Security and stakeholders to define the strategy and roadmap including priorities and maturity improvements
- Perform hands-on security work including threat modeling and secure design reviews. Use reviews as an opportunity to educate.
- Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
- Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218, and secure SDLC best practices.
- Propose improvements and support operationalizing security tooling in CI/CD pipelines, including GitHub Advanced Security.
- Implement and manage security testing capabilities across:
  - SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.)
  - DAST (new tool selection and rollout)
  - Vulnerability tracking and remediation workflows
- Support secure architecture for web applications and APIs
- Drive secure coding enablement through:
  - OWASP training
  - Secure coding best practices
  - Targeted coaching based on real issues found in the codebase
- Partner with and help scale our Security Champions program to coordinate security improvements and response
- Track and communicate application security program progress using clear metrics and reporting
- Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

What Success Looks Like (First 90 Days)

- Assess current application security posture, secure SDLC integration, and highest-risk areas
- Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
- Improve CI/CD security coverage and reduce noise/false positives
- Establish repeatable processes for:
  - Threat modeling
  - Secure design reviews
  - Vulnerability triage + remediation workflows
- Build strong working relationships with engineering teams and Security Champions
- Develop initial set of application security KPIs

Technical Skills & Tooling

- Cloud & platform: AWS
- CI/CD & source control: GitHub, GitHub Actions, GitHub Advanced Security, Wiz
- Security tooling: SAST, SCA, SBOM, DAST, Burp Suite
- AppSec expertise:
  - Secure coding practices
  - Security frameworks (NIST 800-218), OWASP
  - APIs, auth, session management, data protection, microservices
- Threat modeling: STRIDE w/ DREAD
- Engineering workflows: Jira
- Familiarity with AI-assisted development tools (e.g., Cursor) and how to apply security guardrails
- Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation).

Qualifications

- 5–8+ years in application security, product security, or security-focused software engineering
- Strong depth in web and API security, including modern auth patterns and attack techniques
- Experience securing cloud-native SaaS platforms and microservices architectures
- Strong working knowledge of OWASP Top 10, secure SDLC, and shift-left security
- Proven ability to influence engineering teams through trust, clarity, and practical solutions

Key Traits for This Role

- Relationship-driven and able to build credibility quickly with engineers
- Strong communicator who can translate risk into actionable engineering work
- Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy
- Comfortable taking ownership and driving initiatives end-to-end

Benefits

- Competitive Salary
- 15 Vacation days
- Supplemental private health and dental insurance
- All Colombian national public holidays off

Limble is an equal opportunity employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetics, marital status, veteran status, or any other protected characteristic under applicable laws. We are committed to building a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All qualified applicants with arrest or conviction records will be considered in accordance with applicable laws.

For team members outside of the US we employ and pay through an Employer of Record (EOR). We take a location-based pay approach, and compensation for this role is dependent on several factors such as location, work experience, job-related skills, business needs, and market demands.