We are seeking an Application Security Engineer-II to help embed security within Urbints software development lifecycle and scale our product security practices. This role focuses on enabling developers with the right tools, patterns, and guidance, while collaborating with engineering, CloudOps, and InfoSec to proactively identify, assess, and mitigate risk across Urbints platforms. Youll also support Urbints security posture in customer engagements and help evaluate and improve the maturity of security controls across our products.

What You'll Do :

- Design and implement security tooling and automation in CI/CD pipelines (SAST, secrets scanning, dependency checks, IaC scanning) to integrate security at build-time.

- Conduct security assessments of Urbints web apps, APIs, cloud-native services, and internal tooling using manual and automated approaches.

- Lead and facilitate threat modeling for critical features and systems, and drive mitigation strategies with

engineering teams.

- Collaborate on application security design, providing guidance on authentication, authorization, encryption, input validation, error handling, and data protection.

- Evaluate the security maturity of Urbint products, identify gaps, and partner with engineering to close them.

- Partner with InfoSec to support customer security questionnaires, audits, and external security posture communications.

- Promote secure coding practices and define reusable secure patterns, golden paths, and developer guides.

- Support and enable Security Champions across squads through mentorship, training, and playbooks.

- Work with CloudOps on runtime guardrails, including secrets management, identity controls, and logging practices.

- Assist in security incident investigations related to application-layer vulnerabilities and support remediation planning.

- Deliver security awareness sessions and workshops to uplift team security knowledge.

- Stay up to date on security trends, tools, and best practices, and share knowledge with engineering teams.

Who You Are :

- 6+ years experience in application security or DevSecOps roles.

- Solid understanding of web application security (e.g., OWASP Top 10, ASVS) and common vulnerabilities

- Hands-on experience with security tooling in CI/CD pipelines (e.g., SAST, SCA, secrets scanning, IaC scanning).

- Experience in secure architecture, threat modeling, and design reviews.

- Proficiency with a modern programming language (Python, TypeScript, JavaScript, or similar).

- Strong communication skills, able to collaborate effectively across engineering, CloudOps, and InfoSec teams.

- Bonus : Experience supporting data security initiatives or customer security assessments.

- Bonus : Familiarity with cloud-native environments (AWS, GCP, Azure)

Benefits :

- Competitive compensation package

- Generous Paid Time off, Paid Company Holidays including Mental Health Days

- Medical Insurance covering self, spouse, 2 children and parents/in-laws

- Hybrid work 3 days at office; 2 days at home

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.