Senior Application Security Engineer

Limble CMMS, Inc.

Job Overview

Location

Remote

Job Type

Full-time

Full Job Description

📋 Description

• As a Senior Application Security Engineer at Limble CMMS, you will lead and scale the application security program for a modern SaaS platform that empowers maintenance teams worldwide, directly contributing to the security and reliability of software that keeps critical infrastructure running.
• You will partner with engineering and product teams to embed secure-by-design practices into the software development lifecycle, ensuring that security is built in from the start rather than bolted on at the end.
• Your day-to-day responsibilities will include owning and leading Limble’s application security program, defining strategy and roadmap in partnership with the Head of Information Security, and driving measurable improvements in security maturity across the organization.
• You will perform hands-on security work such as threat modeling and secure design reviews, using these engagements to educate engineers and influence better security decisions early in the development process.
• You will partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform, acting as a trusted advisor who helps teams fix issues efficiently without slowing delivery.
• You will define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices, ensuring consistency and compliance across all development efforts.
• You will propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub Advanced Security and Wiz, integrating security checks seamlessly into automated workflows.
• You will implement and manage security testing capabilities across SAST, SCA, SBOM, and DAST, including selecting and rolling out new DAST tools and establishing vulnerability tracking and remediation workflows.
• You will leverage automation and AI-assisted techniques—such as using Claude and Cursor—to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts.
• You will support secure architecture for web applications and APIs, ensuring that authentication, authorization, session management, and data protection are implemented correctly.
• You will drive secure coding enablement through OWASP training, secure coding best practices, and targeted coaching based on real vulnerabilities found in the codebase.
• You will partner with and help scale the Security Champions program to foster a culture of security ownership across engineering teams and improve incident response coordination.
• You will track and communicate application security program progress using clear metrics and reporting, demonstrating impact to leadership and stakeholders.
• You will facilitate Limble’s Responsible Disclosure program, managing the intake, triage, coordination, and remediation tracking of external security reports.
• In your first 90 days, you will assess the current application security posture, identify highest-risk areas, and deliver a prioritized remediation and maturity roadmap aligned with engineering and security priorities.
• You will improve CI/CD security coverage while reducing noise and improving signal quality, ensuring that security alerts are actionable and trusted by developers.
• You will establish repeatable processes for threat modeling, secure design reviews, and vulnerability triage and remediation workflows, creating sustainable security practices.
• You will build strong, trusted relationships with product and engineering teams and Security Champions, becoming a go-to resource for security guidance.
• You will define and begin tracking key application security KPIs and program metrics, enabling data-driven decisions and continuous improvement.

🎯 Requirements

• 5–8+ years of experience in application security, product security, or security-focused software engineering
• Strong depth in web and API security, including modern authentication patterns and exploitation techniques such as auth bypass, injection, SSRF, XSS, IDOR, deserialization, and privilege escalation
• Experience securing cloud-native SaaS platforms and microservices architectures, particularly on AWS
• Proven ability to influence engineering teams through trust, clarity, and practical solutions, with a focus on outcomes over bureaucracy
• Hands-on expertise with security tooling including SAST, SCA, SBOM, DAST, and familiarity with AI-assisted development tools like Cursor and Claude

🏖️ Benefits

• $165,000 - $185,000 annual salary
• Fully remote position with flexible PTO and 13 paid company holidays
• Comprehensive health, dental, and vision insurance, plus employer-paid basic life and short-term disability insurance
• Company contribution match for HSA and 401(k), flexible spending accounts, and monthly employee wellness stipend
• Opportunities for Learning and Development Reimbursement, pet insurance, and paid parental leave

Skills & Technologies

AWS

GitHub

Senior

Remote

$165k-185k

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Limble CMMS, Inc.

Visit Website

About Limble CMMS, Inc.

Limble CMMS, Inc. provides cloud-based computerized maintenance management software that enables manufacturing, facility, and fleet teams to plan, execute, and track preventive and reactive maintenance. The platform combines work orders, asset hierarchies, spare-parts inventory, IoT sensor data, and mobile-first workflows to reduce downtime and extend equipment life. Analytics dashboards surface KPIs such as MTBF, MTTR, and maintenance costs, while open APIs integrate with ERP and SCADA systems. Founded in 2015 and headquartered in Utah, the company serves mid-size to Fortune 500 organizations across North America, Europe, and Asia-Pacific.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.