Application Security Engineer-II

Application Security Engineer-II
At Urbint, our mission is to make communities more resilient. We do this by pairing external data with artificial intelligence to identify areas of high risk and prevent catastrophic loss for utilities across the country. We are a team of close-knit engineers, entrepreneurs, and data geeks who obsess over problem-solving, new technologies and making a positive impact in our communities.

Job Summary
We are seeking an Application Security Engineer-II to help embed security within Urbint’s software development lifecycle and scale our product security practices. This role focuses on enabling developers with the right tools, patterns, and guidance, while collaborating with engineering, CloudOps, and InfoSec to proactively identify, assess, and mitigate risk across Urbint’s platforms. You’ll also support Urbint’s security posture in customer engagements and help evaluate and improve the maturity of security controls across our products.

What You'll Do

• Design and implement security tooling and automation in CI/CD pipelines (SAST, secrets scanning, dependency checks, IaC scanning) to integrate security at build-time.
• Conduct security assessments of Urbint’s web apps, APIs, cloud-native services, and internal tooling using manual and automated approaches.
• Lead and facilitate threat modeling for critical features and systems, and drive mitigation strategies with engineering teams.
• Collaborate on application security design, providing guidance on authentication, authorization, encryption, input validation, error handling, and data protection.
• Evaluate the security maturity of Urbint products, identify gaps, and partner with engineering to close them.
• Partner with InfoSec to support customer security questionnaires, audits, and external security posture communications.
• Promote secure coding practices and define reusable secure patterns, golden paths, and developer guides.
• Support and enable Security Champions across squads through mentorship, training, and playbooks.
• Work with CloudOps on runtime guardrails, including secrets management, identity controls, and logging practices.
• Assist in security incident investigations related to application-layer vulnerabilities and support remediation planning.
• Deliver security awareness sessions and workshops to uplift team security knowledge.
• Stay up to date on security trends, tools, and best practices, and share knowledge with engineering teams.

Who You Are

• 6+ years experience in application security or DevSecOps roles.
• Solid understanding of web application security (e.g., OWASP Top 10, ASVS) and common vulnerabilities
• Hands-on experience with security tooling in CI/CD pipelines (e.g., SAST, SCA, secrets scanning, IaC scanning).
• Experience in secure architecture, threat modeling, and design reviews.
• Proficiency with a modern programming language (Python, TypeScript, JavaScript, or similar).
• Strong communication skills, able to collaborate effectively across engineering, CloudOps, and InfoSec teams.
• Bonus: Experience supporting data security initiatives or customer security assessments.
• Bonus: Familiarity with cloud-native environments (AWS, GCP, Azure)

Benefits

• Competitive compensation package
• Generous Paid Time off, Paid Company Holidays including Mental Health Days
• Medical Insurance covering self, spouse, 2 children and parents/in-laws
• Hybrid work – 3 days at office; 2 days at home

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.