Senior Application Security Engineer

Limble

Full-time Remote
Security Engineer Application Security

Job Description

Senior Application Security Engineer

About Limble: Empowering the World's Unsung Heroes
At Limble, we're on a mission to empower the unsung heroes who keep the world running. We’re revolutionizing maintenance operations with a cutting-edge SaaS Computerized Maintenance Management System (CMMS) platform. From preventive maintenance to intricate inventory management, our robust suite of software solutions optimizes asset performance and drives operational excellence for businesses globally. Join us in building the backbone of critical infrastructure and making a real-world impact.

About the Role: Forge the Future of Secure SaaS
Limble is seeking a visionary and hands-on Senior Application Security Engineer to lead, define, and scale our application security program. This is a high-impact, high-ownership role where you will be instrumental in architecting and embedding security into every facet of our modern SaaS CMMS platform.
Reporting directly to our Head of Information Security, you’ll be the critical liaison between security, engineering, and product teams. Your mission: to champion secure-by-design principles, revolutionize our CI/CD security automation, and drive measurable risk reduction without compromising delivery velocity. We're looking for a collaborative leader who can build trusted relationships, coach effectively, and inspire secure development practices across the organization.

Key Responsibilities: Your Impact in Action

Strategically Lead & Own: Define the vision, strategy, and roadmap for Limble’s application security program, collaborating with the Head of Information Security and key stakeholders to drive measurable maturity improvements.
Drive Secure Design: Perform hands-on threat modeling and secure design reviews, leveraging these engagements to educate, influence, and guide engineering decisions towards inherently secure architectures.
Collaborate on Vulnerability Management: Partner closely with engineering teams to triage, prioritize, and orchestrate the remediation of vulnerabilities across the entire platform.
Champion Robust Standards: Define and maintain application security standards, ensuring alignment with industry best practices such as OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC principles.
Enhance CI/CD Security Automation: Propose, implement, and operationalize advanced security tooling within our CI/CD pipelines, utilizing platforms like GitHub or Wiz to integrate security seamlessly.
Pioneer Advanced Security Testing: Implement and manage comprehensive security testing capabilities, including:

SAST, SCA, SBOM (e.g., GitHub Advanced Security, Wiz)
DAST (driving new tool selection and rollout)
Streamlined vulnerability tracking and remediation workflows

Harness Cutting-Edge Automation & AI: Leverage automation and AI-assisted techniques (e.g., Claude, Cursor) to enhance vulnerability discovery, minimize false positives, and scale security testing and validation efforts.
Architect Secure Web Applications & APIs: Provide expert guidance and support for the secure architecture of our web applications and APIs, ensuring robust protection for modern auth patterns, session management, and data.
Cultivate a Culture of Secure Coding: Drive secure coding enablement through targeted initiatives:

OWASP training programs
Promoting secure coding best practices
Providing personalized coaching based on real-world codebase issues

Empower & Scale Security Champions: Partner with and help expand our Security Champions program to coordinate security improvements and enhance incident response capabilities.
Measure & Communicate Program Impact: Track and clearly communicate application security program progress, utilizing actionable metrics and comprehensive reporting.
Oversee Responsible Disclosure: Facilitate Limble’s Responsible Disclosure program, managing intake, triage, coordination, and remediation tracking.

What Success Looks Like (First 90 Days)

A comprehensive assessment of our current application security posture, SDLC integration, and highest-risk areas.
A prioritized remediation and maturity roadmap, strategically aligned with both Engineering and Security priorities.
Tangible improvements in CI/CD security coverage, characterized by reduced noise and enhanced signal quality.
Established, repeatable processes for threat modeling, secure design reviews, and efficient vulnerability triage and remediation workflows.
Strong, trusted relationships forged with product, engineering teams, and Security Champions.
Defined and initiated tracking of key application security KPIs and program metrics.

Technical Mastery: Your Essential Toolkit

AI-Assisted AppSec: Proven ability to leverage tools like Claude and Cursor to scale and automate security activities, including vulnerability identification, test case generation, and developing proof-of-concept exploits. Apply appropriate security guardrails for AI-assisted development tools.
Cloud & Platform: Expertise with AWS.
CI/CD & Source Control: Proficient with GitHub, Wiz, or similar systems for pipeline security.
Security Tooling: Deep experience with SAST, SCA, SBOM, and DAST solutions.
AppSec Expertise:

Mastery of secure coding practices and principles.
Strong command of security frameworks: NIST 800-218 (SSDF), OWASP.
In-depth understanding of APIs, authentication, session management, data protection, and microservices security.

Threat Modeling: Experience with methodologies like STRIDE coupled with DREAD.
Engineering Workflows: Familiarity with Jira or similar systems for issue tracking.
Real-World Exploitation: Strong understanding of common and advanced exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation).

Qualifications: What You Bring

5–8+ years of dedicated experience in application security, product security, or security-focused software engineering roles.
Exceptional depth in web and API security, including modern authentication patterns and cutting-edge attack techniques.
Demonstrated experience securing cloud-native SaaS platforms and microservices architectures.
Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design principles, and developer-first application security approaches.
Proven ability to influence and guide engineering teams through building trust, clear communication, and delivering practical, impactful solutions.

Who You Are: Key Traits for Success

Relationship-Driven: You build credibility quickly with engineers and stakeholders, fostering collaboration and trust.
Master Communicator: You can translate complex technical risks into clear, actionable engineering tasks.
Pragmatic & Outcome-Oriented: Your focus is on achieving real, measurable security improvements, not bureaucracy.
Owner & Driver: You are comfortable taking full ownership of initiatives and driving them to successful completion end-to-end.

Benefits: Invested in Your Well-being

Competitive Annual Salary: $165,000 - $185,000
Fully remote position, offering flexibility and work-life balance.
Flexible PTO to recharge and refresh.
13 paid company holidays per year.
Comprehensive Paid Parental Leave.
Robust Health, Dental, and Vision insurance plans.
Employer-paid Basic Life insurance and Short-Term Disability insurance.
Generous company contribution match for HSA and 401(k).
Flexible Spending Accounts (FSA) options.
Monthly employee wellness stipend to support your health journey.
Opportunities for Learning and Development Reimbursement.
Pet insurance for your furry family members.

Limble is an equal opportunity employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetics, marital status, veteran status, or any other protected characteristic under applicable laws. We are committed to building a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All qualified applicants with arrest or conviction records will be considered in accordance with applicable laws.
