Embed security into CI/CD pipelines through scalable guardrails, automated security checks, and continuous improvements to developer workflows.
Drive adoption of secure coding best practices across engineering teams through tooling, guidance, and direct partnership.
Lead threat modeling exercises for high-risk features and new architecture patterns.
Own, maintain, and tune AppSec tooling including SAST, DAST, SCA, secrets scanning, container scanning, and dependency management.
Partner with DevOps to ensure automated testing integrates into build, test, and deploy workflows with high signal-to-noise and minimal developer friction.
Evaluate emerging technologies and automation opportunities to strengthen AppSec capabilities.
Lead triage, prioritization, and root-cause analysis for application vulnerabilities discovered through internal testing, bug bounty programs, pentests, and external researchers.
Ensure timely remediation through strong cross-functional partnership, driving the right balance of risk, velocity, and operational maturity.
Support security reviews, pen test scoping, and remediation programs tied to GovRAMP, SOC 2, and customer requirements.
Conduct manual reviews of critical code paths, APIs, backend services, and cloud components to identify security defects that automation may miss.
Advise on secure design patterns for microservices, cloud-native architectures, authentication/authorization mechanisms, secrets management, and data protection.
Collaborate with Security Operations during active incidents involving application or product vulnerabilities.
Perform deep-dive analysis of new vulnerabilities, exploit techniques, frameworks, and supply-chain risks affecting our tech stack.
Mentor engineering teams on secure design, secure coding, and modern AppSec patterns.
Lead internal workshops, brown bags, and knowledge-sharing sessions.
Contribute to internal AppSec documentation, policies, and secure development standards.
Requirements and Preferred Experience:
Required
5+ years of application security, secure development, or software engineering experience (or equivalent real-world experience).
Hands-on experience with SAST, DAST, SCA, secrets scanning, container scanning, and CI/CD integration.
Expertise in the OWASP Top 10, OWASP ASVS, the CWE/SANS Top 25, and secure coding principles.
Ability to perform threat modeling, code review, and architecture analysis.
Experience partnering with Engineering to drive remediation and long-term maturity improvements.
Preferred
Experience in SaaS, multi-tenant systems, or high-scale cloud environments (AWS preferred).
Familiarity with SOC 2, GovRAMP, & TX-RAMP.
Prior background in DevOps, software engineering, or cloud security.
Why OpenGov?
A Mission That Matters.
At OpenGov, public service is personal. We are passionate about our mission to power more effective and accountable government. Government that operates efficiently, adapts to change, and strengthens public trust. Some people say this is boring. We think it's the core of our democracy.
Opportunity to Innovate
A Team of Passionate, Driven People
This isn't your typical 9-to-5 job; we operate in a fast-paced, results-driven environment w
Benefits
Vision insurance
Additional Information
OpenGov is the leader in AI and ERP solutions for local and state governments in the U.S. More than 2,000 cities, counties, state agencies, school districts, and special districts rely on the OpenGov Public Service Platform to operate efficiently, adapt to change, and strengthen the public trust. Category-leading products include enterprise asset management, procurement and contract management, accounting and budgeting, billing and revenue management, permitting and licensing, and transparency and open data. These solutions come together in the OpenGov ERP, allowing public sector organizations to focus on priorities and deliver maximum ROI with every dollar and decision in sync. Learn about OpenGov's mission to power more effective and accountable government and the vision of high-performance government for every community at OpenGov.com.
Job Summary:
The Application Security Engineer is a technical individual who is responsible for ensuring the security, integrity, and resilience of our cloud-native SaaS applications. This role partners closely with Software Engineering, Product, DevOps, and Security Operations to embed security into every phase of the SDLC. The ideal candidate is hands-on, highly collaborative, and capable of scaling AppSec processes that align with best practices, regulatory requirements, and the needs of a rapidly growing technology organization.