Senior Application Security Engineer

🇺🇸 United States - Remote
🔒 Cybersecurity🟣 Senior

Job description

About Us

Canary Technologies is changing the game for hotels with modern software powered by Canary’s hospitality-specific AI platform.

Canary is utilized by 20,000+ hoteliers in 100+ countries to equip hoteliers with the technology they need to work smarter and wow their guests. Major hotel brands such as Wyndham, Marriott, IHG, Four Seasons, Rosewood, and Best Western trust Canary to deliver results.

Canary was named a 2024 Deloitte Technology Fast 500™ company, a Most Innovative Company by Fast Company and a HotelTechReport Best Place to Work — and is backed by top Silicon Valley investors like Y Combinator, F-Prime, Brighton Park Capital and Insight Partners.

Join us in shaping the future of hospitality!

About the Role

Our team is growing and we’re hiring a Senior Application Security Engineer to join our engineering team and enable our next phase of growth. Canary’s engineering team is fully remote!

This role focuses on embedding security into the software development lifecycle (SDLC), partnering with developers to make secure design the default. You will own the strategy for application security tooling, automation, and developer enablement while collaborating closely with SREs, infra, and data engineers to keep our platform both secure and scalable.

Responsibilities

  • Define and enforce best practices for secure coding, dependency management, and design reviews across engineering teams
  • Integrate and manage SAST, DAST, and SCA tools within CI/CD pipelines (e.g., GitHub Actions)
  • Partner with developers on new features and systems to identify risks early in the lifecycle
  • Implement best practices for secrets handling, API authentication/authorization, and data protection
  • Build security guidelines, training, and reusable libraries/patterns so that teams can ship secure code faster
  • Triage and prioritize findings from bug bounties, penetration tests, and automated scans, ensuring timely resolution
  • Act as the bridge between application developers and platform engineers to align app security with infra and compliance requirements
  • Implement monitoring, alerting, and remediation for security incidents across our platform
  • Scan and remediate vulnerabilities in container images, OS packages, dependencies, and IaC templates
  • Design and maintain least-privilege IAM roles, secrets management, and authentication flows
  • Automate evidence gathering and control enforcement for SOC 2, ISO 27001, and others

Qualifications

  • 6+ years in security engineering, DevSecOps, or related roles, including experience at scale
  • Excellent communication and teamwork abilities
  • Strong experience integrating security into modern SDLC pipelines
  • Hands-on with AppSec tooling (Snyk, OWASP ZAP, Burp Suite, SonarQube, Checkmarx, etc.)
  • Solid understanding of web app security (OWASP Top 10, API security, auth flows, input validation)
  • Familiarity with AWS/Kubernetes security
  • Strong programming skills (Python, Go, or JavaScript) to build tools, write secure code, and contribute to developer libraries
  • Proven track record in partnering with product and engineering teams to drive security adoption without slowing down velocity
  • Strong AWS security skills (IAM, KMS, Security Hub, GuardDuty, WAF)
  • Experience with Kubernetes security (RBAC, OPA/Gatekeeper, network policies)
  • Hands-on with Terraform, Helm, and GitOps practices
  • Familiarity with security tooling (Trivy, Falco, Snyk, Aqua)
  • Knowledge of networking, encryption, and cloud-native security best practices

We also work hard to ensure Canary is a fun and exciting place to work! Here are some of the additional benefits:

Canary Days:  As a company we want to ensure that the team has time to recharge. Each month we provide company wide days off to ensure there is at least one extended weekend or day off.

Self Improvement Club: We meet each month and share our personal goals for the month. Each individual is provided a budget towards any purchases that help us achieve these goals.

Professional Development Chats: We provide budget to help drive cross functional professional development conversations across the organization.

Travel Reimbursement: Team members are able to visit our offices across New York, San Francisco or Dallas when they choose, and are provided a travel stipend for doing so.  Spend time working with the team in their office, and use the rest of your time exploring a new city!

Personal Travel Reimbursement: If you stay at a hotel that Canary works with, we provide a credit towards your stay.

Canary Technologies is an equal opportunity employer. We recruit, employ, train, compensate and promote talent regardless of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information or any other protected characteristic.

Share this job:
Please let Canary Technologies know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Canary Technologies logo

Canary Technologies

Hotel & lodging guest management platform

  • Founded in 2017
  • 17 remote jobs

Latest Jobs at Canary Technologies

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply