Senior Application Security Engineer

Remote
full-time | senior | Remote | Cybersecurity / Compliance Software

Description

You'll own the application security program end-to-end at RegScale, embedding security into the software development lifecycle through threat modeling, secure design reviews, and CI/CD integration. You'll influence engineering teams to shift security left, manage vulnerabilities, and support compliance frameworks like FedRAMP and NIST, all in a high-autonomy role without direct authority but with significant impact.

Requirements

  • 10+ years of application security experience with ownership of security programs across complex engineering orgs
  • Deep expertise in threat modeling, secure design review, vulnerability assessment, penetration testing, and secure development
  • Proven ability to operate as a solo practitioner, setting priorities independently and delivering outcomes
  • Strong experience influencing engineering teams without direct authority through technical depth and practical solutions
  • Experience integrating security into CI/CD pipelines with a shift-left mindset

Responsibilities

  • Own the application security program end-to-end: identify risks, set priorities, build strategy, drive implementation, and measure outcomes
  • Conduct threat modeling and security design reviews early in the development process
  • Shift security left by coaching developers on secure coding and reviewing code for vulnerabilities
  • Integrate security tooling into CI/CD pipelines: static analysis, dependency scanning, secrets detection
  • Coordinate penetration testing and security assessments, translating findings into engineering action