Application Security Engineer
Are you a highly skilled Application Security Engineer looking to make a significant impact? Weave is seeking a proactive and experienced professional to bridge the critical gap between Software Engineering and Corporate Governance. If you thrive in a dynamic SaaS engineering and product development environment, possess deep knowledge across multiple languages, frameworks, and protocols, and excel at aligning technical systems with compliance, contracts, and controls, we want to talk to you.
This role demands expertise in core application security practices including Code Analysis (SAST/DAST), Risk Analysis, Logging and Event Management, Threat Modeling, and Authentication/Authorization Protocols, understanding how these contribute to a robust security posture. Experience with VOIP and Telephony systems is a major plus.
We are looking for an individual with strong project management capabilities, a drive to lead urgent security initiatives to completion with precision and intention, and an unwavering commitment to securing our innovative products.
This position will be hybrid (remote/in office).
Reports to the Head of Security.
Your Mission & Impact
As an Application Security Engineer, you will be a pivotal force in embedding security throughout the software development lifecycle, ensuring Weave’s products are secure by design. Your responsibilities will include:
Collaborating closely with product and development teams to proactively identify and mitigate security risks from conception to deployment.
Acutely identifying vulnerabilities introduced during product development through rigorous analysis.
Owning the deployment, tuning, triaging, and review of output from static code analysis (SAST), dependency code scanning (SCA), dynamic code analysis (DAST), and other application security tools.
Seamlessly deploying security tooling into SDLC environments and CI/CD pipelines.
Holding team members accountable to established SLAs and timelines for mitigating identified application security risks.
Facilitating comprehensive application security reviews and leading threat modeling exercises.
Educating and empowering engineering teams to adopt self-serve secure development practices.
Engaging with and managing third-party penetration testing organizations to facilitate effective security assessments against Weave and its products.
Continuously optimizing the application security review process to align with Weave’s fast-paced product development cycles.
Conducting "Red Teaming" exercises to uncover untreated application security risks and vulnerabilities.
Developing and delivering training to Weave’s development team members to build confidence in secure development practices.
Enhancing security awareness and championing good security practices throughout the entire organization.
Performing demos and talks for both engineering and non-technical staff to disseminate critical security information and insights.
Serving as a trusted subject matter expert, providing advice and guidance to team members on all security-related matters.
Working closely with designers and engineers to deliver inherently secure experiences to our customers.
Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.
What You'll Bring to the Team
2+ years of dedicated experience as a full-time security researcher and/or application security engineer.
A proactive willingness to responsibly discover and assess Weave systems to identify meaningful and exploitable risks.
Proven experience in assessing the security configuration and hardness of systems, databases, network devices, applications, and processes within an organizational context.
Ability to write code to test vulnerabilities in code produced by and systems operated by Weave.
Demonstrated strong integrity, ensuring the trust of Weave customers is never compromised.
Capability to perform security assessments, penetration tests, and other vulnerability scans on Weave systems to identify, assess, prioritize, remediate, and monitor security posture.
Experience collaborating effectively with security operations analysts to enhance the detection of nefarious activity.
In-depth knowledge of effective threat modeling skills and techniques.
Hands-on experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools.
Strong understanding of AWS and GCP cloud platforms and their core services.
Comprehensive working knowledge of Linux, Windows, and other common computer technologies.
A deep understanding of security best practices across various domains.
Demonstrably strong and effective communication skills, both written and verbal.
What Will Make You Stand Out
A deep understanding and demonstrable mastery of application security practices, secure code development methodologies, and application security tooling.
A proven track record of accomplishments and success in securing SaaS products in previous roles and companies.
A genuine passion for Weave’s products, our mission, and enthusiasm for the challenges we are solving.
Exceptional ability to remove ambiguity, distill complex problems, and prioritize what truly matters.
A great sense of humor and the ability to find joy and fun while working hard!
At Weave, we use Artificial Intelligence (AI) tools to help us work more efficiently and create a smoother candidate experience. AI may assist with things like writing job descriptions, scheduling interviews, or reviewing applications against job-related criteria. For additional information, please review the External AI Policy Statement available on our Careers page.
Weave is an equal opportunity employer that is committed to fostering an inclusive workplace where all individuals are valued and supported. We welcome anyone who is hungry to learn, problem-solve and progress regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics. If you have a disability or special need that requires accommodation, please let us know.
All official correspondence will occur through Weave branded email. We will never ask you to share bank account information, cash a check from us, or purchase software or equipment as part of your interview or hiring process.