
Senior Application Security Engineer

Our cybersecurity and information security teams at IDEXX contribute to a more resilient, adaptable, and security-aware enterprise prepared to navigate today's evolving threat landscape. We have complex, multi-dimensional programs across the organization that support all the technology needed to deliver products and solutions to customers, enabling them to focus on delivering high-quality patient care.

IDEXX is seeking a Senior Application Security Engineer to join our Product & Application Security team protecting applications across development teams. This role combines hands-on security testing with strategic partnership: you will conduct security assessments, perform threat modeling, and work directly with developers to build security into products from the start.

You will support security activities ranging from SAST/DAST analysis to API security testing, collaborate with our Security Champions to scale secure development practices, and contribute to the maturation of our Secure Software Development Lifecycle (SSDLC).

This position reports to the Senior Manager of Product & Application Security and operates within a team that prioritizes partnership over enforcement, using OWASP SAMM as our operational framework.

In this role, you will be responsible for...

Security Assessments & Testing
- Conduct security architecture reviews and threat modeling sessions with development teams using the STRIDE methodology
- Perform application security assessments across our security verification service offerings, including SAST/DAST analysis, manual code review, API security testing, authentication/authorization testing, and vulnerability validation
- Execute hands-on security testing of applications, APIs, mobile applications, agentic solutions, and cloud-native services
- Analyze and validate security findings from automated security tools and provide actionable remediation guidance

Security Engineering & Automation
- Build and maintain security verification tooling, scripts, and automation to improve assessment efficiency and coverage
- Develop custom security testing scripts and proof-of-concept exploits to validate vulnerabilities
- Contribute to security tooling integration within CI/CD pipelines
- Create reusable security patterns, code snippets, and reference implementations for common security controls

Developer Partnership & Enablement
- Contribute to security training and enablement sessions on secure coding practices, common vulnerabilities, and threat modeling
- Provide just-in-time security guidance during sprint planning, design reviews, and code reviews as requested
- Translate security findings into developer-friendly remediation guidance with code examples and implementation patterns

SSDLC & Program Development
- Contribute to SSDLC policy development and security requirements documentation grounded in OWASP SAMM practices
- Guide the evolution of the SSDLC to address emerging risks and controls introduced by AI-assisted development
- Support the standardization of security assessment intake, execution, and reporting processes via ServiceNow
- Maintain security verification documentation, including testing methodologies, checklists, and runbooks
- Track and report on security assessment metrics, including coverage, finding severity distribution, and remediation timelines

What You Will Need to Succeed...
- 4-6 years of hands-on experience in application security with demonstrable technical skills
- Strong grasp of threat modeling methodologies (STRIDE preferred) and risk assessment
- Location: we are looking for someone within driving distance of our HQ in Westbrook, Maine, where we offer a flexible hybrid requirement of only 8 days per month. We are also open to those in New Hampshire or Massachusetts who are able to be on-site less often, possibly 1 to 4 times a month.
- Strong understanding of common web application vulnerabilities (OWASP Top 10, SANS Top 25) and secure coding practices
- Practical experience conducting security assessments, including SAST/DAST analysis, manual code review, and penetration testing
- Proficiency with application security testing tools
- Solid understanding of at least two programming languages, sufficient to review code for security issues
- Experience with API security testing (REST, GraphQL, SOAP) and authentication/authorization mechanisms (OAuth, SAML, JWT)
- Working knowledge of CI/CD security integration and tools like GitHub Advanced Security, SonarQube, or Snyk
- Understanding of secure architecture principles and security design patterns
- Familiarity with cloud security fundamentals (AWS, Azure, or GCP)
- Knowledge of vulnerability scoring systems (CVSS, EPSS) and prioritization frameworks
- Awareness of compliance requirements (SOC 2, GDPR, HIPAA, CRA) and how they apply to application security
- Ability to communicate complex security issues clearly to both technical and non-technical audiences
- Skill in building trust and partnerships with development teams rather than acting as a gatekeeper
- Comfort working in a fast-paced agile environment where security must enable delivery
- Experience mentoring or enabling developers on security topics
- Track record of translating security findings into practical, actionable remediation guidance

It would be a plus if you had any of these...
- GIAC Web Application Penetration Tester (GWAPT), Offensive Security Certified Professional (OSCP), or Certified Application Security Engineer (CASE) certification
- Background in software development or DevOps with a transition to security
- Familiarity with OWASP SAMM, BSIMM, or similar secure development maturity frameworks
- Experience contributing to a Security Champions program or developer security enablement initiative
- Prior work in regulated industries (healthcare, financial services, government)
- Contributions to open-source security tools or vulnerability research

What you can expect from us:
- Base annual salary target: $120,000 - $150,000 (yes, we do have flexibility if needed)
- Opportunity for an annual cash bonus
- Health / Dental / Vision benefits from day one
- 5% matching 401k
- Additional benefits including but not limited to financial support, pet insurance, mental health resources, volunteer paid days off, employee stock program, foundation donation matching, and much more!

Why IDEXX?

We're proud of the work we do, because our work matters. An innovation leader in every industry we serve, we follow our Purpose and Guiding Principles to help pet owners worldwide keep their companion animals healthy and happy, to ensure safe drinking water for billions, and to help farmers protect livestock and poultry from diseases. We have customers in over 175 countries and a global workforce of over 10,000 talented people.

So, what does that mean for you? We enrich the livelihoods of our employees with a positive and respectful work culture that embraces challenges and encourages learning and discovery. At IDEXX, you will be supported by competitive compensation, incentives, and benefits while enjoying purposeful work that drives improvement.

Let's pursue what matters together.

IDEXX values a diverse workforce and workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

IDEXX is an equal opportunity employer. Applicants will not be discriminated against because of race, color, creed, sex, sexual orientation, gender identity or expression, age, religion, national origin, citizenship status, disability, ancestry, marital status, veteran status, medical condition, or any protected category prohibited by local, state, or federal laws.