Senior Application Security Engineer
Listed on 2026-05-19
IT/Tech
Cybersecurity, Security Manager, Data Security
IDEXX Laboratories is seeking a Senior Application Security Engineer to join our Product & Application Security team protecting applications across development teams. This role combines hands‑on security testing with strategic partnership: you will conduct security assessments, perform threat modeling, and work directly with developers to build security into products from the start.
You will support security activities ranging from SAST/DAST analysis to API security testing, collaborate with our Security Champions to scale secure development practices, and contribute to the maturation of our Secure Software Development Lifecycle (SSDLC).
This position reports to the Senior Manager of Product & Application Security and operates within a team that prioritizes partnership over enforcement, using OWASP SAMM as our operational framework.
Security Assessments & Testing
- Conduct security architecture reviews and threat modeling sessions with development teams using the STRIDE methodology
- Perform application security assessments across 20+ security verification service offerings including SAST/DAST analysis, manual code review, API security testing, authentication/authorization testing, and vulnerability validation
- Execute hands‑on security testing of web applications, APIs, mobile applications, and cloud‑native services
- Analyze and validate security findings from automated tools (GitHub Advanced Security, Synack, Tenable, Aqua Security) and provide actionable remediation guidance
- Support penetration testing engagements and coordinate with third‑party security assessment vendors (Synack ST+)
- Build and maintain security verification tooling, scripts, and automation to improve assessment efficiency and coverage
- Develop custom security testing scripts and proof‑of‑concept exploits to validate vulnerabilities
- Contribute to security tooling integration within CI/CD pipelines (GitHub Actions, GHAS CodeQL, secret scanning)
- Create reusable security patterns, code snippets, and reference implementations for common security controls
- Partner with Security Champions across 36 development teams to provide security design guidance and implementation support
- Deliver security training and enablement sessions on secure coding practices, common vulnerabilities, and threat modeling
- Provide just‑in‑time security guidance during sprint planning, design reviews, and code reviews
- Translate security findings into developer‑friendly remediation guidance with code examples and implementation patterns
- Support Security Champions with security questions, design reviews, and knowledge sharing
- Contribute to SSDLC policy development and security requirements documentation grounded in OWASP SAMM practices
- Define and refine security verification service offerings based on application risk profiles
- Support the standardization of security assessment intake, execution, and reporting processes via ServiceNow
- Maintain security verification documentation including testing methodologies, checklists, and runbooks
- Track and report on security assessment metrics including coverage, finding severity distribution, and remediation timelines
- 5 to 7+ years of experience in application security, software security engineering, or related roles
- Hands‑on experience conducting security assessments including code review, penetration testing, or vulnerability analysis
- Demonstrated ability to threat model applications and identify security design flaws
- Proficiency with application security testing tools and methodologies
- Strong understanding of at least one programming language and web application architecture
- Experience working directly with development teams to remediate security findings
- GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or Certified Application Security Engineer (CASE) certification
- Experience with GitHub Advanced Security (GHAS) including CodeQL, Dependabot, and secret scanning
- Background in software development or DevOps with a transition to security
- Familiarity with OWASP SAMM, BSIMM,…