O
Posted 9 hours ago
Application Security Engineer
Opal Security
Requirements
4+ years in application security, Production coding experience, Expertise in OAuth 2.0, OIDC, and SAML, Experience with AWS, Kubernetes, and Docker
Skills
GoTypeScriptAWS
About the role
About the Company
At Opal, we’re building modern identity governance for the AI era—intelligent access management that empowers enterprises to move fast while staying secure. Our mission is to bring clarity, control, and confidence to complex enterprise environments.
Responsibilities
- Own the secure SDLC end-to-end including threat modeling, design reviews, and code reviews
- Run and coordinate internal and external application pentests and drive findings to closure
- Build and own SAST/DAST/SCA tooling integrated into CI/CD
- Triage and remediate vulnerabilities from bug bounties and internal scans
- Build and maintain security-critical services including encryption, authorization enforcement, and authentication flows
- Manage Auth0 integration, including tokens, sessions, MFA, and SSO (SAML, OIDC, OAuth 2.0)
- Ship production Go and TypeScript to harden APIs and enforce least-privilege
- Lead incident response, investigation, and root cause analysis
- Partner with Infrastructure on cloud hardening involving AWS IAM, EKS, and KMS
- Mentor engineers on secure coding and security architecture
Requirements
- 4+ years in application security or software security engineering
- Proven experience writing production code
- Deep expertise in authentication protocols: OAuth 2.0, OIDC, SAML, and session management
- Proficiency with AWS and containerized environments like Kubernetes and Docker
- Experience leading complex, cross-functional security initiatives
- Experience running or participating in external pentests
ScoutJobs Agent
Get matches like this delivered daily
Sign up free — we'll pull jobs that fit your CV from across the web and rank them for you.
Get started — it's freeApplication Security Engineer
Opal Security · San Francisco
