openashbyhqa16z
Application Security Engineer
OpenGov
LocationIndia | Pune
WorkplaceOnSite
EmploymentFullTime
Posted2026-06-11T08:44:36.968+00:00
Last observed2026-06-16 13:29:20.112236
Job ida16z-opengov:ashbyhq:dcb78ba1-727a-4dbf-8e88-43a09d580523
OpenGov is the leader in AI and ERP solutions for local and state governments in the U.S. More than 2,000 cities, counties, state agencies, school districts, and special districts rely on the OpenGov Public Service Platform to operate efficiently, adapt to change, and strengthen the public trust. Category-leading products include enterprise asset management, procurement and contract management, accounting and budgeting, billing and revenue management, permitting and licensing, and transparency and open data. These solutions come together in the OpenGov ERP, allowing public sector organizations to focus on priorities and deliver maximum ROI with every dollar and decision in sync. Learn about OpenGov’s mission to power more effective and accountable government and the vision of high-performance government for every community at OpenGov.com http://OpenGov.com. JOB SUMMARY: The Application Security Engineer is a technical individual who is responsible for ensuring the security, integrity, and resilience of our cloud-native SaaS applications. This role partners closely with Software Engineering, Product, DevOps, and Security Operations to embed security into every phase of the SDLC. The ideal candidate is hands-on, highly collaborative, and capable of scaling AppSec processes that align with best practices, regulatory requirements, and the needs of a rapidly growing technology organization. RESPONSIBILITIES: - Embed security into CI/CD pipelines through scalable guardrails, automated security checks, and continuous improvements to developer workflows. - Drive adoption of secure coding best practices across engineering teams through tooling, guidance, and direct partnership. - Lead threat modeling exercises for high-risk features and new architecture patterns. - Own, maintain, and tune AppSec tooling including SAST, DAST, SCA, secrets scanning, container scanning, and dependency management. - Partner with DevOps to ensure automated testing integrates into build, test, and deploy workflows with high signal-to-noise and minimal developer friction. - Evaluate emerging technologies and automation opportunities to strengthen AppSec capabilities. - Lead triage, prioritization, and root-cause analysis for application vulnerabilities discovered through internal testing, bug bounty programs, pentests, and external researchers. - Ensure timely remediation through strong cross-functional partnership, driving the right balance of risk, velocity, and operational maturity. - Support security reviews, pen test scoping, and remediation programs tied to GovRAMP, SOC 2, and customer requirements. - Conduct manual reviews of critical code paths, APIs, backend services, and cloud components to identify security defects that automation may miss. - Advise on secure design patterns for microservices, cloud-native architectures, authentication/authorization mechanisms, secrets management, and data protection. - Collaborate with Security Operations during active incidents involving application or product vulnerabilities. - Perform deep-dive analysis of new vulnerabilities, exploit techniques, frameworks, and supply-chain risks affecting our tech stack. - Mentor engineering teams on secure design, secure coding, and modern AppSec patterns. - Lead internal workshops, brown bags, and knowledge-sharing sessions. - Contribute to internal AppSec documentation, policies, and secure development standards. REQUIREMENTS AND PREFERRED EXPERIENCE: Qualifications Required - 5+ years of application security, secure development, or software engineering experience (or equivalent real-world experience). - Hands-on experience with SAST, DAST, SCA, secrets scanning, container scanning, and CI/CD integration. - Expertise in OWASP Top 10, ASVS, SANS CWE Top 25, and secure coding principles. - Ability to perform threat modeling, code review, and architecture analysis. - Experience partnering with Engineering to drive remediation and long-term maturity improvements. Preferred - E
This page is generated from the committed OpenOpps static snapshot. Use the source posting or apply link for the employer's current canonical posting state.