At Reltio®, we believe data should fuel business success. Reltio’s AI-powered data unification and management capabilities—encompassing entity resolution, multi-domain master data management (MDM), and data products—transform siloed data from disparate sources into unified, trusted, and interoperable data. Reltio Data Cloud™ delivers interoperable data where and when it's needed, empowering data and analytics leaders with unparalleled business responsiveness. Leading enterprise brands—across multiple industries around the globe—rely on our award-winning data unification and cloud-native MDM capabilities to improve efficiency, manage risk and drive growth.
At Reltio, our values guide everything we do. With an unyielding commitment to prioritizing our “Customer First”, we strive to ensure their success. We embrace our differences and are “Better Together” as One Reltio. We are always looking to “Simplify and Share” our knowledge when we collaborate to remove obstacles for each other. We hold ourselves accountable for our actions and outcomes and strive for excellence. We “Own It”. Every day, we innovate and evolve, so that today is “Always Better Than Yesterday”. If you share and embody these values, we invite you to join our team at Reltio and contribute to our mission of excellence.
Reltio has earned numerous awards and top rankings for our technology, our culture and our people. Reltio was founded on a distributed workforce and offers flexible work arrangements to help our people manage their personal and professional lives. If you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to enable digital transformation with connected data, let’s talk!
The Sr. Application Security Engineer will play a key role in embedding security into our development and release processes. You will partner with cross-functional teams to ensure security is a foundational part of software design, development, and deployment, promoting secure coding practices, shift-left methodologies, and the secure adoption of API-driven and AI-enabled technologies.
Secure Development Lifecycle:
Collaborate with development teams to embed security throughout the software development lifecycle (SDLC), from design through deployment. Support the adoption of secure coding standards and best practices across teams.
CI/CD Pipeline Security:
Implement security controls within CI/CD pipelines, enabling automated security testing and vulnerability detection. Partner with release management to ensure secure deployment checks and policy compliance, including operationalizing SAST, SCA, and DAST.
Shift-Left Security:
Drive shift-left initiatives by providing guidance, tooling, and remediation support to engineers, enabling secure development from the outset.
Threat Modeling:
Lead threat modeling sessions with development teams to identify and mitigate security risks early in the design and architecture phases.
Vulnerability Management:
Analyze and validate remediation of application security findings from SAST, SCA, DAST, API testing, and manual assessments. Work with teams to prioritize fixes and ensure proper testing before release.
Application Security (SCA, SAST, DAST):
Design, implement, and maintain application security testing programs. Reduce false positives and provide clear, actionable remediation guidance to development teams.
API Security:
Partner with engineering teams to ensure secure API design and implementation. Identify and mitigate API-specific risks, including authentication and authorization issues, data exposure, rate limiting gaps, and OWASP API Top 10 vulnerabilities.
AI Security (Guardrails, MCP Security):
Support secure AI adoption by defining AI security guardrails. Address risks such as prompt injection, insecure model usage, data leakage, and Model Context Protocol (MCP) security concerns.
Security Training:
Deliver guidance on secure coding practices, application, API, and AI security threats, and remediation techniques. Provide hands-on support during code reviews.
Collaboration & Release Management:
Partner with DevOps, QA, Engineering, Product, and Release Management teams to integrate security requirements and checks throughout development and release processes.
Continuous Improvement:
Stay current on emerging application, API, and AI security threats. Continuously improve security processes, tooling, and overall application security posture.
Reltio is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. Reltio is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities.