Senior Application Security Engineer

This listing is synced directly from the company ATS.

Role Overview

This senior role involves leading and scaling the application security program for a modern SaaS CMMS platform, requiring deep hands-on technical work and strong cross-team influence. Day-to-day responsibilities include performing threat modeling, secure design reviews, triaging vulnerabilities, and embedding secure-by-design practices into the SDLC. The engineer will partner closely with Engineering and Product teams to drive measurable risk reduction without slowing delivery, focusing on web and API security, CI/CD automation, and security tooling.

Perks & Benefits

The job is fully remote with a location-based pay approach, offering 15 vacation days, supplemental private health and dental insurance, and all Colombian national public holidays off. It emphasizes a collaborative, relationship-driven culture where the engineer can build credibility with teams and drive initiatives end-to-end, with opportunities for career growth through ownership and scaling security programs. The company is an equal opportunity employer committed to diversity and inclusion, employing through an Employer of Record for non-US team members.

Full Job Description

About Limble

At Limble we empower the unsung heroes who support the world. We’re revolutionizing the way businesses manage their maintenance operations by providing a comprehensive suite of software solutions that empower organizations to optimize asset performance and drive operational excellence. From preventive maintenance to inventory management and beyond, our robust CMMS platform offers a suite of features designed to streamline operations and enhance productivity.

About the Role

Limble is hiring a Senior Application Security Engineer to lead and scale our application security program for a modern SaaS computerized maintenance management (“CMMS”) platform. This is a senior, high-ownership role requiring deep hands-on technical ability and strong cross-team influence.

You’ll partner closely with Engineering and Product to embed secure-by-design practices into the SDLC, improve CI/CD security automation, and drive measurable risk reduction. Success requires someone who is extroverted, collaborative, and trusted by engineers. You must be able to build relationships, coach effectively, and drive security outcomes without slowing delivery.

Responsibilities

  • Own and lead Limble’s application security program, working closely with the Head of Information Security and stakeholders to define the strategy and roadmap, including priorities and maturity improvements.

  • Perform hands-on security work including threat modeling and secure design reviews. Use reviews as an opportunity to educate.

  • Partner with engineering teams to triage, prioritize, and remediate vulnerabilities across the platform

  • Define and maintain application security standards aligned with OWASP Top 10, NIST 800-218, and secure SDLC best practices.

  • Propose improvements and support operationalizing security tooling in CI/CD pipelines, including GitHub Advanced Security.

  • Implement and manage security testing capabilities across:

    • SAST, SCA, SBOM (GitHub Advanced Security, Wiz, etc.)

    • DAST (new tool selection and rollout)

    • Vulnerability tracking and remediation workflows

  • Support secure architecture for web applications and APIs

  • Drive secure coding enablement through:

    • OWASP training

    • Secure coding best practices

    • Targeted coaching based on real issues found in the codebase

  • Partner with and help scale our Security Champions program to coordinate security improvements and response

  • Track and communicate application security program progress using clear metrics and reporting

  • Facilitate Limble’s Responsible Disclosure program, including intake, triage, coordination, and remediation tracking

What Success Looks Like (First 90 Days)

  • Assess current application security posture, secure SDLC integration, and highest-risk areas

  • Deliver a prioritized remediation and maturity roadmap aligned with Engineering and Security priorities

  • Improve CI/CD security coverage and reduce noise/false positives

  • Establish repeatable processes for:

    • Threat modeling

    • Secure design reviews

    • Vulnerability triage + remediation workflows

  • Build strong working relationships with engineering teams and Security Champions

  • Develop an initial set of application security KPIs

Technical Skills & Tooling

  • Cloud & platform: AWS

  • CI/CD & source control: GitHub, GitHub Actions, GitHub Advanced Security, Wiz

  • Security tooling: SAST, SCA, SBOM, DAST, Burp Suite

  • AppSec expertise:

    • Secure coding practices

    • Security frameworks (NIST 800-218), OWASP

    • APIs, auth, session management, data protection, microservices

  • Threat modeling: STRIDE with DREAD

  • Engineering workflows: Jira

  • Familiarity with AI-assisted development tools (e.g., Cursor) and how to apply security guardrails

  • Strong understanding of real-world exploitation techniques (e.g., auth bypass, injection, SSRF, XSS, IDOR, deserialization, privilege escalation).

Qualifications

  • 5–8+ years in application security, product security, or security-focused software engineering

  • Strong depth in web and API security, including modern auth patterns and attack techniques

  • Experience securing cloud-native SaaS platforms and microservices architectures

  • Strong working knowledge of OWASP Top 10, secure SDLC, and shift-left security

  • Proven ability to influence engineering teams through trust, clarity, and practical solutions

Key Traits for This Role

  • Relationship-driven and able to build credibility quickly with engineers

  • Strong communicator who can translate risk into actionable engineering work

  • Pragmatic and outcome-oriented: focused on real security improvements, not bureaucracy

  • Comfortable taking ownership and driving initiatives end-to-end

Benefits

  • Competitive Salary

  • 15 Vacation days

  • Supplemental private health and dental insurance

  • All Colombian national public holidays off

Limble is an equal opportunity employer. We provide equal employment opportunities to all employees and applicants without regard to race, color, religion, creed, sex, sexual orientation, gender identity or expression, national origin, ancestry, age, disability, genetics, marital status, veteran status, or any other protected characteristic under applicable laws. We are committed to building a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. All qualified applicants with arrest or conviction records will be considered in accordance with applicable laws.

For team members outside of the US we employ and pay through an Employer of Record (EOR). We take a location-based pay approach, and compensation for this role is dependent on several factors such as location, work experience, job-related skills, business needs, and market demands.
