
Job Overview
Location: Remote
Job Type: Full-time
Category: Security Engineer
Date Posted: January 5, 2026
Full Job Description
📋 Description
- Own the end-to-end security posture for a cloud-native, multi-tenant SaaS platform that processes billions of customer records daily, ensuring that every line of code and every configuration change meets the highest standards of confidentiality, integrity, and availability.
- Lead threat-modeling workshops with product managers, architects, and engineers to surface and prioritize security risks early in the SDLC, translating complex attack vectors into actionable remediation plans that can be tracked through Jira and reported to executive leadership.
- Design and implement secure-by-default patterns for microservices, APIs, and data pipelines running on AWS, Azure, and GCP, leveraging Infrastructure-as-Code (Terraform, CloudFormation) to enforce guardrails that prevent drift and misconfiguration.
- Drive the selection, rollout, and tuning of SAST, DAST, SCA, and container-scanning tools (e.g., Semgrep, Snyk, Prisma, Trivy) so that vulnerabilities are caught in minutes, not months, and false positives are reduced to near-zero through custom rules and AI-based triage.
- Establish and continuously improve a bug-bounty and responsible-disclosure program that turns external researchers into an extension of your team, while maintaining SLAs that delight both security researchers and internal stakeholders.
- Partner with the CISO and Legal to maintain SOC 2 Type II, ISO 27001, HIPAA, and GDPR compliance artifacts, automating evidence collection and audit responses so that compliance becomes a by-product of great engineering rather than a last-minute scramble.
- Mentor junior AppSec engineers and run internal “purple-team” exercises that teach developers how attackers think, dramatically reducing repeat vulnerabilities and fostering a culture where security is everyone’s job.
- Instrument real-time dashboards in Datadog or Splunk that correlate code commits, build events, and runtime telemetry to give executives a single pane of glass for application risk, while alerting on anomalous behavior that could signal zero-day exploitation.
- Collaborate with Data Science teams to embed privacy-preserving techniques—tokenization, differential privacy, and homomorphic encryption—into AI-driven entity-resolution workflows, ensuring that customer PII is never exposed even to internal models.
- Champion the adoption of secure-coding standards (OWASP ASVS, NIST SSDF) across 20+ engineering squads, delivering hands-on workshops, code-review checklists, and IDE plugins that cut new defect introduction rates by 50% within the first year.
- Respond to high-severity incidents as part of a 24×7 on-call rotation, conducting root-cause analyses that feed directly back into architectural improvements and post-mortems celebrated for their clarity and lack of blame.
- Influence the product roadmap by quantifying security ROI—reduced breach likelihood, faster sales cycles, lower cyber-insurance premiums—and presenting findings to the board in plain English that connects technical debt to business value.
🎯 Requirements
- 5+ years of hands-on application-security experience in a cloud-native, microservices environment, including deep familiarity with AWS IAM, Kubernetes RBAC, and container image hardening.
- Expert-level proficiency in at least one modern programming language (Java, Python, or Go) and the ability to read and reason about code written by others during secure-code reviews.
- Demonstrated success implementing and tuning SAST/DAST/SCA tools in CI/CD pipelines (GitHub Actions, Jenkins, or GitLab CI) with measurable reductions in mean-time-to-remediate (MTTR).
- Strong written and verbal communication skills that allow you to explain complex vulnerabilities to non-technical stakeholders and to write concise, actionable security requirements for engineers.
- Nice-to-have: active contributions to the security community (CVEs, conference talks, open-source projects) or certifications such as CISSP, CSSLP, or GWEB.
🏖️ Benefits
- Fully remote-first culture with quarterly in-person summits in top-tier destinations, plus a $1,500 annual stipend for your ideal home-office setup.
- Competitive salary, annual performance bonus, and equity in a fast-growing, pre-IPO company backed by top-tier VCs.
- Comprehensive health, dental, and vision coverage for you and your dependents from day one, with 100% of premiums covered by Reltio.
- Flexible PTO policy with a mandatory minimum of 15 days, plus company-wide mental-health days and a 12-week paid parental leave program.
Skills & Technologies
Senior
Remote
Degree Required
About Reltio Inc.
Reltio Inc. provides a cloud-native, master data management (MDM) platform that unifies customer, product, supplier, and other critical business data. Its software delivers real-time, trusted data to enterprises for analytics, compliance, and customer engagement. The platform combines entity resolution, data quality, and graph technology to create a single source of truth. Reltio serves global organizations in healthcare, life sciences, financial services, and retail, enabling digital transformation through scalable, AI-driven data operations.

