ABOUT THIS ROLE
As an Application Security Engineer at LVT, you will be a cornerstone of our commitment to building secure-by-design technology. You will partner deeply with our Engineering and Product teams to weave advanced security protocols into every layer of our Software Development Lifecycle (SDLC). This isn't just about finding bugs; it's about architecting a proactive security culture and scaling our defenses alongside our rapid growth. You will serve as a technical expert, mentor, and advocate, ensuring our AI-driven platform remains as resilient as it is innovative.
This role is based in-office out of our Headquarters in American Fork, Utah.
ROLE RESPONSIBILITIES
Strategic Integration: Partner with Product and Engineering to embed reproducible, high-standard security practices directly into the SDLC.
Defense Engineering: Develop and maintain sophisticated manual and automated security processes to identify, evaluate, and mitigate risks across our software ecosystem.
Offensive Security: Lead proactive security initiatives including threat modeling, deep-dive code reviews, and offensive security exercises/penetration testing.
Vulnerability Management: Architect and manage the deployment of vulnerability scanning tools, driving the remediation process to ensure rapid resolution of identified issues.
Policy Stewardship: Assist in the development and continuous improvement of secure development policies and procedural documentation.
Technical Translation: Communicate complex vulnerability details and risk assessments to both technical and non-technical stakeholders, ensuring organizational alignment.
Security Culture: Mentor junior team members and foster a strong, transparent security culture across the company.
Impact Measurement: Success in this role is measured by the reduction of critical vulnerabilities in production, the speed of remediation cycles, and the successful adoption of security tools by the broader engineering team.
OUR IDEAL CANDIDATE
Proven Experience: At least 2+ years of professional experience in an Information Security role with a dedicated focus on modern application environments.
Cloud Proficiency: 2+ years of hands-on security experience with AWS and other cloud service platforms.
Modern Stack Familiarity: Comfortable navigating common web languages and frameworks such as HTML, PHP, Node.js, React.js, Nest.js, and Next.js.
Pipeline Expertise: A solid understanding of CI/CD tools and artifacts including GitHub, Docker, JFrog, CircleCI, and ArgoCD.
Technical Depth: A comprehensive understanding of common application vulnerabilities (OWASP Top 10) and the orchestration of automated tools used to combat them (SAST, DAST, SCA).
IT Foundations: Strong grasp of foundational IT domains, including operating systems, networking protocols, and the OSI model.
Compliance Awareness: Familiarity with standard security and regulatory compliance frameworks such as CIS, NIST, ISO/IEC 27001, SOC2, or FedRAMP.
Exceptional Communicator: Ability to articulate risk with clarity and professional poise, maintaining high levels of personal integrity while working with cross-functional partners.
Preferred Credentials: A degree in IT/Security or industry certifications such as Security+, OSCP, GPEN, or ITCA are highly valued.