Job Description
About Limble
At Limble we empower the unsung heroes who support the world. We’re revolutionizing the way businesses manage their maintenance operations by providing a comprehensive suite of software solutions that empower organizations to optimize asset performance and drive operational excellence. From preventive maintenance to inventory management and beyond, our robust CMMS platform offers a suite of features designed to streamline operations and enhance productivity.
About the Role
Limble is hiring a Senior Application Security Engineer to lead and scale our application security program for a modern SaaS computerized maintenance management (“CMMS”) platform. This is a senior, high-ownership role requiring deep hands-on technical ability and strong cross-team influence.
You’ll report directly to our Head of Information Security and partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction. Success requires someone who is collaborative and trusted by engineers. You must be able to build relationships, coach effectively, and drive security outcomes without slowing delivery.
Responsibilities
Own and lead Limble’s application security program, partnering with the Head of Information Security and key stakeholders to define strategy, roadmap, and measurable maturity improvements
Perform hands-on security work including threat modeling and secure design reviews, using engagements as opportunities to educate and influence engineering decisions
Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform
Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218 (SSDF), and secure SDLC best practices
Propose improvements and help operationalize security tooling within CI/CD pipelines using tools like GitHub or Wiz
Implement and manage security testing capabilities across:
SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.)
DAST (new tool selection and rollout)
Vulnerability tracking and remediation workflows
Leverage automation and AI-assisted techniques to improve vulnerability discovery, reduce false positives, and scale security testing and validation efforts
Support secure architecture for web applications and APIs
Drive secure coding enablement through:
OWASP training
Secure coding best practices
Targeted coaching based on real issues found in the codebase
Partner with and help scale the Security Champions program to coordinate security improvements and incident response
Track and communicate application security program progress using clear metrics and reporting
Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking
What Success Looks Like (First 90 Days)
Assess current application security posture, secure SDLC integration, and highest-risk areas
Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities
Improve CI/CD security coverage while reducing noise and improving signal quality
Establish repeatable processes for:
Threat modeling
Secure design reviews
Vulnerability triage and remediation workflows
Build strong, trusted relationships with product and engineering teams and Security Champions
Define and begin tracking key application security KPIs and program metrics
Technical Skills & Tooling
AI-assisted application security testing and automation: ability to use tools such as Claude and Cursor to scale and automate security activities, including identifying vulnerabilities, generating test cases, and developing proof-of-concept exploits to validate findings.
Cloud & platform: AWS
CI/CD & source control: GitHub, Wiz, or similar systems
Security tooling: SAST, SCA, SBOM, DAST
AppSec expertise:
Secure coding practices
Security frameworks: NIST 800-218 (SSDF), OWASP
APIs, auth, session management, data protection, microservices
Threat modeling: STRIDE w/ DREAD
Engineering workflows: Jira or similar systems
Familiarity with AI-assisted development tools (e.g., Cursor, Claude) and ability to apply appropriate security guardrails
Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation)
Qualifications
5–8+ years in application security, product security, or security-focused software engineering
Strong depth in web and API security, including modern auth patterns and attack techniques
Experience securing cloud-native SaaS platforms and microservices architectures
Strong working knowledge of OWASP Top 10, secure SDLC frameworks and practices, secure-by-design, and developer-first application security practices
Proven ability to influence engineering teams through trust, clarity, and practical solutions
Key Traits for This Role
Relationship-driven and able to build credibility quickly with engineers
Strong communicator who can translate risk into actionable engineering work
Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy
Comfortable taking ownership and driving initiatives end-to-end
Benefits
$165,000 - $185,000 annual salary
Fully remote position
Flexible PTO
13 paid company holidays
Paid parental leave
Health, Dental, and Vision insurance
Employer paid Basic Life insurance and Short-Term Disability insurance
Company contribution match for HSA and 401(k)
Flexible Spending Accounts
Monthly employee wellness stipend
Opportunities for Learning and Development Reimbursement
Pet insurance
Limble is an equal opportunity employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetics, marital status, veteran status, or any other protected characteristic under applicable laws. We are committed to building a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All qualified applicants with arrest or conviction records will be considered in accordance with applicable laws.












