Nest Js Developer Jobs in Utah (NOW HIRING)

As an Application Security Engineer at LVT, you will be a cornerstone of our commitment to building secure-by-design technology. You will partner deeply with our Engineering and Product teams to weave advanced security protocols into every layer of our Software Development Lifecycle (SDLC). This isn't just about finding bugs; it's about architecting a proactive security culture and scaling our defenses alongside our rapid growth. You will serve as a technical expert, mentor, and advocate, ensuring our AI-driven platform remains as resilient as it is innovative.

This role is based in-office out of our Headquarters in American Fork, Utah.

• Strategic Integration: Partner with Product and Engineering to embed reproducible, high-standard security practices directly into the SDLC.
• Defense Engineering: Develop and maintain sophisticated manual and automated security processes to identify, evaluate, and mitigate risks across our software ecosystem.
• Offensive Security: Lead proactive security initiatives including threat modeling, deep-dive code reviews, and offensive security exercises/penetration testing.
• Vulnerability Management: Architect and manage the deployment of vulnerability scanning tools, driving the remediation process to ensure rapid resolution of identified issues.
• Policy Stewardship: Assist in the development and continuous improvement of secure development policies and procedural documentation.
• Technical Translation: Communicate complex vulnerability details and risk assessments to both technical and non-technical stakeholders, ensuring organizational alignment.
• Security Culture: Mentor junior team members and foster a strong, transparent security culture across the company.
• Impact Measurement: Success in this role is measured by the reduction of critical vulnerabilities in production, the speed of remediation cycles, and the successful adoption of security tools by the broader engineering team.

• Proven Experience: At least 2+ years of professional experience in an Information Security role with a focus on modern application environments.
• Cloud Proficiency: 2+ years of hands-on security experience with AWS and other cloud service platforms.
• Modern Stack Familiarity: Comfortable navigating common web languages and frameworks such as HTML, PHP, Node.js, React.js, Nest.js, and Next.js.
• Pipeline Expertise: A solid understanding of CI/CD tools including GitHub, Docker, Jfrog, CircleCI, and ArgoCD.
• Technical Depth: A comprehensive understanding of common application vulnerabilities (OWASP Top 10) and the tools used to combat them (SAST, DAST, SCA).
• IT Foundations: Strong grasp of IT fundamentals, including operating systems, networking protocols, and the OSI model.
• Compliance Awareness: Familiarity with security frameworks such as CIS, NIST, or ISO/IEC 27001.
• Exceptional Communicator: Ability to articulate risk with clarity and professional poise, maintaining high levels of personal integrity.
• Preferred Credentials: A degree in IT/Security or industry certifications such as Security+, OSCP, GPEN, or ITCA are highly valued.
• Regulatory Experience: Prior experience working within compliance frameworks like SOC2 or FedRAMP is a plus.

We believe you do your best work when your whole life is supported. We invest in our crew's health, families, and financial futures with a benefits package designed to support you inside and outside the office.

All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status. All candidates must pass a drug screening and background check upon employment. Some roles may also require passing a federal background check and fingerprinting. Must be authorized to work in the U.S. If reasonable accommodation is needed to participate in the job application or interview process, and/or to perform essential job functions, please reach out to your recruiter.