Sr Application Security Engineer

Overview
We are seeking a Senior Application Security Engineer (AppSec) to join our InfoSec team at LAIKA, the world-renowned stop motion studio celebrated for its groundbreaking storytelling and cutting-edge animation technology. In this role, you will design, develop, and oversee application security for Content Protection, ensuring that our code and scripts—both on-premises and in the cloud—are secure, high-performing, and resilient. 

Working closely with technology leaders, software engineers, and site reliability engineers (SREs), you will conduct security assessments, penetration testing, and vulnerability analysis while implementing best practices to safeguard LAIKA’s digital assets. Your expertise will help protect proprietary content, maintain compliance standards, and enhance security across our software development lifecycle. 

Key Responsibilities
Security Assessments & Testing: 

• Conduct security assessments and code audits to identify and mitigate vulnerabilities.
• Perform penetration testing across web applications, plugins, SaaS platforms, IoT devices, and networks.
• Analyze and test source code for security flaws and recommend mitigation strategies.
• Implement and manage application security testing tools, including SAST, DAST, and IAST (static, dynamic, and interactive analysis).
• Develop solutions to drive remediation of security issues through Product Security tests, Bug Bounty programs, and Vulnerability Disclosure Programs. 

Collaboration & Cross-Functional Engagement: 

• Work alongside developers, technology leaders, and external partners to address security risks.
• Collaborate with internal teams to design and implement security best practices across the development lifecycle.
• Support security initiatives related to DevOps, SRE, and cloud security architectures.
• Research, evaluate, and recommend new security tools and methodologies to improve testing capabilities. 

Security Infrastructure & Development: 

• Apply API security best practices and work with public cloud platforms (AWS, Azure, GCP).
• Utilize red teaming and vulnerability assessment tools (Metasploit, Kali, Nessus, Cobalt Strike, Acunetix).
• Manage knowledge repositories and CI/CD pipelines using GitHub, GitLab, Jenkins, Perforce, Jira, and Confluence.
• Stay ahead of emerging cybersecurity threats and continuously improve security testing methodologies.
• Develop comprehensive security reports and presentations for technical and executive audiences. 

Qualifications
Experience & Background: 

• 5+ years of experience in cybersecurity OR 7+ years in software engineering with a focus on security.
• Strong understanding of web application security, cloud security, and API security best practices.
• Hands-on experience with application penetration testing (mandatory).
• Experience working in cross-functional teams, collaborating with engineers, SREs, and leadership. 

Technical Skills: 

• Proficiency in application development and scripting (Python preferred; Perl, Go, or Ruby, a plus).
• Familiarity with public cloud security architectures (AWS, Azure, GCP).
• Expertise with security testing tools, including SAST, DAST, IAST, and vulnerability assessment platforms.
• Experience with CI/CD security best practices and DevSecOps methodologies. 

Preferred Certifications: 

• OSCP, GPEN, or GWAPT certifications (or equivalent experience). 

Physical Demands and Work Environment
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

• Physical demands: While performing the duties of this job, the employee is required to walk; stand; sit; use hands to operate standard office equipment; reach with hands and arms; balance; stoop; talk or hear both in person and by telephone. The employee must lift and/or move up to 15 pounds. Vision abilities include close vision, distance vision, and the ability to adjust focus.
• Work environment: While performing the duties of this job, the employee works under typical office conditions and is exposed to variable indoor temperatures. The noise level is usually quiet or moderate.  

Location 
On-site in Hillsboro, OR, and eligible for hybrid work. 

Salary 
Salary is commensurate with skills and experience.

Disclaimer
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

Please review our EMPLOYMENT DISCLAIMER and MATERIALS SUBMISSION AGREEMENT.