C
Canarytechnologies6mo ago

Senior Application Security Engineer

United StatesUnited StatesRemoteFull Timesenior
SecurityApplication Security EngineerCybersecurity
0 views0 saves0 applied
Apply Now

Quick Summary

Overview

About Us Canary Technologies is changing the game for hotels with modern software powered by Canary's hospitality-specific AI platform. Canary is utilized by 20,

Technical Tools
SecurityApplication Security EngineerCybersecurity
About Us
Canary Technologies is changing the game for hotels with modern software powered by Canary's hospitality-specific AI platform.

Canary is utilized by 20,000+ hoteliers in 100+ countries to equip hoteliers with the technology they need to work smarter and wow their guests. Major hotel brands such as Wyndham, Marriott, IHG, Four Seasons, Rosewood, and Best Western trust Canary to deliver results.

Canary was named a 2024 Deloitte Technology Fast 500™ company, a Most Innovative Company by Fast Company and a HotelTechReport Best Place to Work — and is backed by top Silicon Valley investors like Y Combinator, F-Prime, Brighton Park Capital and Insight Partners.

Join us in shaping the future of hospitality!


About the Role
Our team is growing and we're hiring a Senior Application Security Engineer to join our engineering team and enable our next phase of growth. Canary's engineering team is fully remote!
 
This role focuses on embedding security into the software development lifecycle (SDLC) and partnering with developers to make secure design the default. You will own the strategy for application security tooling, automation, and developer enablement while collaborating closely with SREs, infra, and data engineers to keep our platform both secure and scalable.
  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams.
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions).
  • Partner with developers on new features and systems to identify risks early in the lifecycle.
  • Implement best practices for secrets handling, API authentication/authorization, and data protection.
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster.
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution.
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements.
  • Implement monitoring, alerting, and remediation for security incidents across our platform.
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates.
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows.
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others.
  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale.
  • Excellent communication and teamwork abilities.
  • Strong experience integrating security into modern SDLC pipelines.
  • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.).
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation).
  • Familiarity with AWS/Kubernetes security.
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries.
  • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity.
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF).
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies).
  • Hands-on with Terraform, Helm, and GitOps practices.
  • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua).
  • Knowledge of networking, encryption, and cloud-native security best practices.

    • Listing Details

    Posted
    September 29, 2025
    First seen
    March 26, 2026
    Last seen
    April 23, 2026

    Posting Health

    Days active
    27
    Repost count
    0
    Trust Level
    32%
    Scored at
    April 23, 2026

    Signal breakdown

    freshnesssource trustcontent trustemployer trust
    Apply for this position

    4 other jobs at Canarytechnologies

    View all →

    Explore open roles at Canarytechnologies.

    C
    Senior Accountant
    USD 115000–125000
    Full Time
    C
    Product Marketing Manager
    USD 120000–175000
    Full Time
    C
    Account Executive (Benelux)
    Full Time
    C
    Customer Success Manager (APAC)
    Full Time

    Similar Application Security Engineer jobs

    View all →
    IherbIherbRemote
    Principal Application Security Engineer
    USD 177000-225000
    Remote
    IherbIherbRemote
    Application Security Engineer
    USD 100000-140000
    Remote
    XaiXai
    Application Security Engineer
    $200k–$340k/yr
    TwinhealthTwinhealthRemote
    Application Security Engineer
    $110k–$120k/yr
    Remote
    ReltioReltio
    Senior Application Security Engineer
    QuanataQuanataRemote
    Senior Application Security Engineer [Remote-US]
    $220k–$350k/yr
    Remote

    Browse Similar Jobs

    Security Engineer181Cloud Security Engineer44Product Security Engineer41DevSecOps Engineer38Threat Intelligence Analyst26Security Analyst25Security Operations Engineer22Security Architect16Offensive Security Engineer14Blue Team Engineer11Network Security Engineer10Third-Party Risk Analyst10Digital Forensics Analyst10Compliance Security Analyst9Security Consultant8Governance Risk and Compliance Manager8Grc Analyst8Soc Engineer7Identity Security Engineer7Data Protection Specialist6
    Newsletter

    Stay ahead of the market

    Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

    A
    B
    C
    D
    Join 12,000+ marketers

    No spam. Unsubscribe at any time.

    C
    Senior Application Security Engineer
    Apply Now