Senior Application Security Engineer

Job ID
2026-14143
# of Openings
1
Job Locations
Remote - India
Category
Legal & Information Security

Overview

Senior Application Security Engineer

Location: Remote Work Arrangement: Remote

About the Role

We're looking for a Senior Application Security Engineer to help build and mature our application security program. You'll be a hands-on technical leader embedded across our engineering organization, working with developers to embed security into the SDLC, identifying and remediating vulnerabilities, and shaping the tools and processes that keep our products and customers safe. Deep expertise in securing cloud-native architectures and automating security into CI/CD pipelines is essential, as security needs to scale with our engineering velocity. As AI-powered development becomes a bigger part of how we build and ship software, you'll also help engineers navigate the security challenges that come with it. This is a high-impact, generalist AppSec role for someone equally comfortable reviewing threat models, triaging bug bounty reports, and writing secure coding guidance.

Your Role Responsibilities – Here's What You'll Do

  • Partner with engineering, product, and DevOps teams to integrate security practices throughout the software development lifecycle, with a strong focus on cloud-native environments and automated pipelines.
  • Design, implement, and maintain security tooling and gates within CI/CD pipelines, covering SAST, DAST, SCA, secrets detection, and container scanning, so security feedback reaches developers early and automatically.
  • Collaborate with infrastructure and platform teams to help guide and improve the security posture of cloud-native environments across AWS, GCP, or Azure, including containerized workloads, Kubernetes clusters, serverless functions, and managed services.
  • Lead and own the threat modeling process across product and engineering teams, conducting application security assessments including code review and manual penetration testing of applications.
  • Triage and remediate findings from SAST, DAST, SCA, and bug bounty programs; help engineering teams understand and fix vulnerabilities.
  • Define and maintain secure coding standards, security testing requirements, and developer-facing security documentation.
  • Advise developers on AI security best practices, covering risks introduced by LLM integrations such as prompt injection, insecure output handling, and data leakage, as well as the secure use of AI coding assistants.
  • Evaluate and implement AppSec tooling to improve detection and developer feedback loops.
  • Respond to and investigate security incidents involving application-layer issues.
  • Mentor engineers on security best practices, including emerging AI-related risks, and serve as a trusted security advisor to product teams.
  • Contribute to security architecture reviews for new features and systems, including cloud-native and AI/ML components.

Role Essentials – What You'll Need

  • 5+ years of experience in application security, software security engineering, or a closely related role.
  • Hands-on experience securing cloud-native environments on AWS, GCP, or Azure, including containers, Kubernetes, IAM, and serverless architectures.
  • Proven experience integrating security into CI/CD pipelines (e.g., GitHub Actions, Jenkins) automating SAST, DAST, SCA, and secrets scanning.
  • Strong command of application security fundamentals: OWASP Top 10, secure design principles, and common vulnerability classes such as injection, auth flaws, and business logic issues.
  • Experience with security testing across applications.
  • Proficiency with AppSec tooling such as Checkmarx, Burp Suite, Trivy, Checkov, and Veracode.
  • Ability to read and reason about code in at least one of: Python, JavaScript/TypeScript, Java, Go, .NET (C#), or similar.
  • Strong written and verbal communication skills, with the ability to explain security risk to both technical and non-technical audiences.

 

What We'd Like to See – Preferred Skills

  • Experience with infrastructure-as-code security (Terraform, CloudFormation, Helm) and policy-as-code frameworks such as OPA.
  • Familiarity with AI/LLM security risks including prompt injection, model abuse, and insecure integrations, as well as frameworks like the OWASP Top 10 for LLMs.
  • Experience securing AI-assisted development workflows and reviewing AI-generated code for security issues.
  • One or more relevant certifications: OSCP, CISSP, CEH, GWEB, CCSP, or equivalent.
  • Prior experience in a product-led tech or SaaS environment.

About Hyland

Hyland is the pioneer of the Content Innovation Cloud™, delivering ubiquitous enterprise intelligence to organizations with solutions that unlock actionable insights and drive automation. © Hyland. All rights reserved.

Trusted by thousands of organizations worldwide, including many of the Fortune 100, Hyland's solutions create the foundation for a connected, agentic enterprise, where teams harness the power of AI to redefine how they operate and engage with those they serve. For additional information on Hyland's platform and services, please visit Hyland.com.

#HylandLife

Since 1991, it has been Hyland's mission to help our employees, customers and partners exceed their potential with our industry-leading content services platform. Our employees exude a contagious energy and are passionate about what they do – whether it's helping customers succeed, raising up their fellow Hylanders, or engaging in the communities where they live and work.

The #HylandLife hashtag encompasses our employee-centric culture. Our employees live our culture day in and day out by bringing their best self to work. Hyland supports them to do just that through career development resources, wellbeing programs and innovation practices. We thrive on diverse viewpoints and new ideas and believe that a positive, inclusive workplace is imperative to sustainable success.

As we've grown to a company of nearly 4,000 strong, we have the opportunity to make a significant impact on our communities. We strongly support employee initiatives and align our giving campaigns and programs to organizations that are important to them.

Equal Opportunity Statement

Hyland is an equal opportunity employer. We value diversity and are committed to providing an inclusive workplace for all employees and applicants. Employment decisions are made without regard to any characteristic protected by applicable laws and regulations. Information collected during the hiring process is used solely to assess qualifications, verify identity, and comply with legal requirements.

 

Options

Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
Share on your newsfeed