[Remote] Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. Twin Health is a company focused on improving metabolic health through AI Digital Twin technology. They are seeking a highly motivated Application Security Engineer to build and manage their application and cloud security capabilities, ensuring the security of systems and products as they scale globally.

Responsibilities

• Lead the deployment and configuration of Wiz CSPM, collaborating with infrastructure and DevOps teams to enhance visibility and remediation workflows
• Design, implement, and manage application and cloud security tooling across AWS, including Security Hub, GuardDuty, Macie, Inspector, and related automation
• Manage secure code scanning processes, integrating SAST (Static Analysis) and DAST (Dynamic Analysis) using Sonar Cloud to identify and remediate vulnerabilities early in the SDLC
• Develop automated pipelines and playbooks for vulnerability triage, remediation tracking, and reporting of metrics. (MTTD, MTTR)
• Partner with software engineering teams to embed security into CI/CD pipelines and promote secure coding practices
• Collaborate with the Security, IT, and GRC teams to ensure alignment with SOC 2, HIPAA, and SOX controls
• Contribute to threat modeling, code review, and incident response related to application vulnerabilities
• Evaluate and implement new security tools and processes to enhance the overall application security posture
• Support vendor risk assessments and penetration testing efforts related to application components
• Create and maintain security documentation, architecture diagrams, and operational runbooks
• Participate in on-call rotations as part of the broader security operations program
• Other duties as assigned

Skills

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience)
• 1-3+ years of experience in Application Security, DevSecOps, or Cloud Security Engineering roles
• Hands-on experience with AWS security services (Security Hub, GuardDuty, Inspector, Macie, IAM, KMS)
• Familiarity with Wiz or similar CSPM platforms
• Proven experience integrating SAST/DAST tools (e.g., Soar Cloud, Veracode, Snyk, Checkmarx, Burp Suite, etc.) into CI/CD pipelines
• Familiarity with Docker, K8S, and microservices-based architectures
• Experience with WAF, endpoint security, and IAM
• Strong understanding of secure software development lifecycle (SSDLC) and common vulnerabilities (OWASP Top 10, CWE, CVSS)
• Proficiency in at least one scripting or automation language (Python, Bash, or similar)
• Proficiency in Java
• Knowledge of threat modeling, code review, and cloud infrastructure security best practices
• Excellent collaboration and communication skills with both technical and non-technical stakeholders
• Experience with compliance frameworks such as SOC 2, HIPAA, or HiTrust is a plus
• Experience working in a high-growth or regulated environment is preferred
• This remote opportunity based out of the U.S. Preferred location is in EST timezone. Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time

Benefits

• A competitive compensation package in line with leading technology companies
• A remote and accomplished global team
• Opportunity for equity participation
• Unlimited vacation with manager approval
• 16 weeks of 100% paid parental leave for delivering parents; 8 weeks of 100% paid parental leave for non-delivering parents
• 100% Employer sponsored healthcare, dental, and vision for you, and 80% coverage for your family; Health Savings Account and Flexible Spending Account options
• 401k retirement savings plan

Company Overview