
Application Security Engineer

Nectar
Posted 17 days ago, valid for 16 days
Location

Lehi, UT 84043, US

Salary

Competitive

Contract type

Full Time

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

  • Nectar is seeking an Application Security Engineer to join their security team, focusing on securing their platform and identifying vulnerabilities.
  • The role requires 3-5 years of experience in application security, software engineering, or a related field.
  • Key responsibilities include security architecture and design, vulnerability management, incident response, and compliance with security standards.
  • The position offers a competitive salary and equity package, along with comprehensive health benefits and unlimited PTO.
  • This is a hybrid role based in Lehi, Utah, requiring in-office attendance two days a week.

About Nectar

We're building the future of workplace recognition and rewards. Join our team as we scale our platform to serve thousands of companies worldwide.


Role Overview

We're seeking a talented Application Security Engineer to join our security team. In this role, you'll be responsible for securing our platform, identifying vulnerabilities, and building security into our development lifecycle. You'll work closely with our product engineering teams to ensure our application meets the highest security standards.


Key Responsibilities

  • Security Architecture & Design: Partner with engineering teams to design and implement secure systems, conduct threat modeling, and provide security guidance throughout the development lifecycle
  • Vulnerability Management: Conduct security assessments, code reviews, and penetration testing to identify and remediate security vulnerabilities across our application stack
  • Security Tooling: Implement and maintain security tools including SAST, DAST, IAST, SCA, and dependency scanning solutions in our CI/CD pipeline
  • Incident Response: Respond to security incidents, conduct root cause analysis, and develop remediation strategies
  • Security Standards: Develop and enforce security policies, standards, and best practices across the engineering organization
  • Training & Awareness: Educate development teams on secure coding practices and emerging security threats
  • Compliance: Support compliance efforts for SOC 2, GDPR, NIST CSF, and other relevant security frameworks
  • Edge & WAF Security: Help manage and tune our WAF (e.g., Cloudflare or AWS WAF), including writing and refining rules, reducing false positives, reviewing blocked traffic, and identifying common attack patterns.


Required Qualifications

  • 3-5 years of experience in application security, software engineering, or related field
  • Strong understanding of common web and API vulnerabilities (OWASP Top 10) and secure coding practices
  • Practical experience finding and fixing vulnerabilities via a mix of code review and testing (SAST, DAST, SCA, manual testing)
  • Ability to read and review code in at least one modern language (Python, JavaScript/TypeScript, Go, or similar)
  • Experience partnering with product engineering teams to ship mitigations and improve secure-by-default patterns
  • Familiarity with cloud security fundamentals (Google Cloud Architecture or AWS Well-Architected frameworks) and CI/CD concepts
  • Working knowledge of authentication and authorization concepts (sessions, OAuth/OIDC basics)
  • Strong written and verbal communication skills, including the ability to explain risk and tradeoffs to non-security audiences
  • Ability to balance security requirements with business needs and development velocity


Preferred Qualifications

  • Security certifications (OSCP, CEH, CISSP, or similar)
  • Experience with modern web application frameworks and APIs
  • Experience with security monitoring and logging solutions (SIEM)
  • Familiarity with DevSecOps practices and infrastructure as code
  • Experience in a fast-paced startup environment
  • Contributions to open source security projects
  • Experience using AI tools in day-to-day engineering and security work (e.g., using assistants to accelerate investigation, write or review code, draft documentation, and summarize findings), with good judgment around data sensitivity and verification


What We Offer

  • Competitive salary and equity package
  • Comprehensive health, dental, and vision insurance
  • Hybrid role: in-office 2 days per week in Lehi, Utah
  • Unlimited PTO
  • Collaborative and inclusive team culture
  • Opportunity to make a significant impact on product security


How to Apply

Please submit your resume along with a brief cover letter explaining your interest in application security and what you'd bring to the Nectar team. We're especially interested in hearing about specific security challenges you've solved and your approach to building security into the development process.


Nectar is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.


Location

Lehi, Utah (Hybrid)

Department

DevOps & Security

Employment Type

Full-Time

Minimum Experience

Experienced



