Cloud Application Security Engineer

DescriptionThe Cloud Application Security Engineer is responsible for securing Hyper’s cloud-native web platform and the software development lifecycle that supports it. This role works directly with engineering teams to identify, understand, and remediate security risks in applications and infrastructure.This position focuses on embedding security into how software is built, deployed, and operated. The role emphasizes practical, hands-on security work—reviewing code, improving system design, and helping engineers build secure systems—rather than operating as a separate audit or ticketing function.Core ResponsibilitiesConduct secure code reviews, threat modeling, and security-focused design reviews for new and existing featuresIdentify and remediate common web application vulnerabilities aligned with OWASP Top 10Help design and improve secure application architectures in collaboration with engineering teamsOwn the security configuration of AWS environments including IAM, Security Hub, GuardDuty, WAF, Secrets Manager, VPC security groups, and CloudTrailIntegrate and maintain SAST, DAST, and dependency scanning tools within CI/CD pipelinesPerform vulnerability assessments across applications and cloud infrastructure and track remediation to closureSupport SOC 2 Type II readiness by contributing to security controls, documentation, and evidence collectionDevelop and maintain incident response processes including investigation, containment, and post-mortem analysisWork closely with engineers to implement secure coding practices and improve overall system securityAdditional ResponsibilitiesProvide guidance and education to engineering teams on secure development practicesSupport onboarding of engineers with security best practices and expectationsMaintain documentation for security processes, controls, and architectureContribute to improving security tooling, automation, and workflowsRequirements4–7 years of experience in application security, product security, or cloud security engineeringExperience securing modern web applications and understanding common vulnerability patternsHands-on experience with AWS security services (IAM, Security Hub, GuardDuty, WAF, etc.)Experience using SAST, DAST, or SCA tools in development workflowsStrong understanding of OWASP Top 10 and practical remediation approachesExperience with threat modeling applied to real systemsExperience supporting or participating in SOC 2 audits or similar compliance frameworksExperience working directly with software engineers to remediate security issues in applicationsStrong communication skills and ability to work closely with engineering teamsPreferredExperience with Node.js, PostgreSQL, or similar backend systemsFamiliarity with frontend security concerns (e.g., XSS, authentication flows, token handling)Experience with tools such as Snyk, Semgrep, OWASP ZAP, or similarExperience with compliance automation tools such as Vanta, Drata, or SecureframeExperience building or improving security practices in a startup or growth-stage companyScripting or automation experience (Python, Bash, or similar)Relevant certifications: AWS Security Specialty, OSCP, CISSP, or equivalentWhy Hyper?Hyper Solutions is building next-generation infrastructure and software systems that power critical business operations. This role offers the opportunity to work directly with engineers to improve how secure software is built and deployed. You’ll help strengthen application security practices while contributing to scalable, high-impact systems across the organization.Hyper offers competitive benefits including medical, dental, vision, and 401(k), along with strong opportunities for growth as the company scales.LocationOnsite in Richmond, VA, or remote depending on candidate location and business needs.Remote employees may be expected to travel periodically for team collaboration.Hyper Solutions is an Equal Opportunity Employer.We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability, genetic information, veteran status, or any other protected status under applicable laws.All applications will be used exclusively for selection purposes and handled confidentially by authorized personnel only. Your application may also be considered for other suitable positions within Hyper Solutions, Inc.Please note that Hyper Solutions is currently unable to offer visa sponsorship, and applicants must be authorized to work in the U.S. without the need for sponsorship now or in the future.