Job Overview
At Sahl, our engineering teams move fast, and the scale of our product means security must be embedded into how we write, review, and ship code. We're looking for an Application Security Engineer who enjoys diving deep into source code, pipelines, and libraries and who sees secure engineering as a culture, not a checklist.
This is a hands-on role influencing how every line of code at Sahl is written, scanned, reviewed, and deployed.
Responsibilities
- Implement and maintain SAST, SCA, secrets scanning, and dependency security tooling to keep the codebase clean and free from vulnerabilities.
- Integrate security rules, coding standards, and best practices directly into the SDLC and developer workflows.
- Partner with engineering teams during design, development, and code review to prevent vulnerabilities early.
- Conduct threat modeling for new features and architectural changes.
- Manage vulnerability triage, prioritization, and remediation coordination with engineering teams.
- Track compromised libraries, outdated dependencies, and supply-chain risks.
- Build developer-friendly documentation, examples, and playbooks to promote secure coding practices.
Qualifications
- Experience in application security, secure coding practices, and modern development frameworks.
- Deep understanding of OWASP, SAST/SCA tools, secure SDLC methodologies, and dependency management.
- Ability to read and understand code fluently, regardless of programming language.
- Strong communication skills to explain vulnerabilities clearly without creating fear.
- Proactive, prevention-focused mindset rather than a policing approach.
