THE ROLE

The Senior Application Security Engineer is a key member of Cognism’s Information Security Team, reporting into the Application & Infrastructure Security Manager. Your mission is to embed security by design across our engineering and product organization by integrating modern application security practices throughout the full development lifecycle. We focus on building secure, scalable, and resilient systems while enabling the business to innovate quickly and safely. It is to drive a culture where the fastest path for our engineers is the securest path.

You will work closely with Product, Engineering, Architecture, and Data teams to understand risks within our platform, including risks introduced by AI powered features, and ensure the right controls, guardrails, and security patterns are built into the product at its inception – all the while ensuring a balanced approach to the product experience that our thousands of large global enterprise customers use every day.

This role is ideal for a senior IC who is technical, collaborative, and pragmatic, with the ability to influence engineering teams while driving hands on improvements to Cognism’s secure SDLC.

KEY RESPONSIBILITIES

Security by Design & Product Integration

• Partner with Product, Web and Data Engineering teams from the ideation stage to ensure security requirements are considered early in feature and model design.
• Translate product and application risks into actionable security controls, making recommendations repeatable to build guardrails and guidance that product, design, and engineering teams can apply as they scale and build the products in the teams they own.
• Help shape security acceptance criteria and guide engineering teams during design reviews and backlog planning.

Application Risk Assessment & AI Security

• Identify and assess application risks across Cognism’s SaaS platform, data processing pipelines, including emerging risks associated with AI/ML capabilities.
• Contribute to AI feature reviews and participate in AI risk assessments to ensure responsible and secure use of models, in a way that balances the need to innovate and challenge the status quo in AI implementation.
• Assess and pragmatically recommend mitigations for security risks in data pipelines, model-training workflows, feature stores, and ML systems, ensuring strong controls for data access, data lineage, model integrity, and protection of sensitive datasets.

Secure SDLC & DevSecOps Enablement

• Partner with our engineering and platform team to embed security guardrails into our software development lifecycle and agile engineering workflows.
• Partner with engineering teams to integrate and optimize security tooling into CI/CD pipelines (SAST, SCA, DAST, container scanning, IaC scanning).
• Drive automation and developer-friendly security processes that minimize friction and support rapid delivery.

Threat Modelling & Architecture Support

• Conduct and facilitate a self-serve, risk-driven approach to pragmatic threat modelling sessions for new features, services, and AI components.
• Conduct threat modelling for data architectures, including ingestion, transformation, storage, streaming, and ML model deployment patterns, ensuring data confidentiality, integrity, and responsible use.
• Provide hands-on application security guidance to engineering teams, helping them implement secure APIs, microservices, data flows, and integrations.
• Maintain and expand Cognism’s secure coding standards, guidance, and reusable security patterns.

Application Security Testing & Engineering

• Perform hands-on security testing (manual and automated) for web applications, microservices, APIs, and cloud components.
• Plan, coordinate, and oversee penetration tests, red team exercises, and third-party security assessments, ensuring findings are addressed and tracked.
• Validate findings, assist with prioritization, and partner with engineering teams on remediation strategies.

Collaboration, Education & Influence

• Work directly with product squads, acting as a trusted advisor and embedded security partner. Take the time to understand what other teams are working on, what business priorities are, and partner with teams to recommend risk mitigations that balance risk with opportunity and that take into account the threat landscape.
• Deliver security training, workshops, and guidance to improve engineering teams’ security maturity.Communicate security risk and tradeoffs clearly and constructively to technical and nontechnical stakeholders.

CORE COMPETENCIES

• Strong technical depth in application security, cloud security, and secure development.
• Understanding of modern data stack components (e.g., data pipelines, feature stores) and the ability to collaborate effectively with data practitioners.
• Deep understanding of communication protocols used for web development is a must-have.
• Hands on experience with web application development, specifically for back-end development is a must-have competency.
• Risk-Based Prioritization: Ability to distinguish between theoretical security risks and actual business threats, demonstrating a "risk-driven" rather than "compliance-driven" mindset. Comfortable balancing security risk with product and commercial realities.
• Contextual Communication: Capacity to translate complex technical vulnerabilities into business-impact stories that resonate with non-technical stakeholders and product owners.
• Collaborative Conflict Resolution: Proven track record of approaching engineering friction with transparency and pragmatism, balancing a firm stance on security with a deep care for the developer experience. Pragmatic problem solver with a growth mindset and bias toward action.
• Architectural Empathy: Ability to put yourself in the position of your users (the engineers) to build security guardrails that are repeatable and embedded into existing workflows rather than added as hurdles.

EDUCATION & EXPERIENCE

• 5–10+ years of experience in Application Security, Product Security, or Security Engineering roles.
• Strong experience securing cloud native SaaS platforms (AWS preferred) and Data pipelines.
• Handson experience with secure coding, application testing, and CI/CD security automation.
• Experience working closely with engineering and product teams in agile environments.
• Familiarity with security frameworks such as OWASP ASVS, OWASP Top 10, NIST, ISO 27001/2.
• Experience evaluating and securing AI/ML enabled features is a strong advantage.
• Experience in SME or high-growth SaaS environments preferred.