Application Security Engineer

Lucidya is an AI-native Customer Experience Intelligence platform enabling enterprises to understand, engage, and retain customers at scale. As Lucidya continues to scale globally, building secure-by-design products is a top priority. Security is a core pillar of our engineering strategy, and we are investing heavily in strengthening our application security posture across all products and platforms.

To support this growth, we are looking for an Application Security Engineer to help drive secure development practices, proactively identify vulnerabilities, and embed security across the software development lifecycle.

This is the first dedicated Application Security role at Lucidya, making it a high-impact and foundational position. You will play a critical role in shaping Lucidya’s application security strategy, working closely with engineering teams to identify risks, close security gaps, and ensure our applications are secure by design.

You’ll operate at the intersection of security engineering, software development, and cloud infrastructure, thinking like an attacker while enabling developers to build secure, scalable systems.

Core Responsibilities

• Develop and implement automated security testing and vulnerability detection workflows integrated into the Software Development Lifecycle (SDLC).
• Conduct security reviews of web applications, mobile applications, APIs, and cloud environments (public and private).
• Perform penetration testing on web, mobile, API, and desktop applications, as well as supporting infrastructure.
• Evaluate application defenses, identify architectural and design-level security gaps, and recommend mitigation strategies.
• Think like an attacker to proactively identify vulnerabilities and complex security risks before they reach production.
• Collaborate closely with engineering teams to support secure coding practices and security-aware development.
• Conduct code reviews with a security focus, especially for critical services and deployments.
• Research emerging threats and contribute to the development or adoption of new security tools and techniques.

Day-to-Day Responsibilities

• Review application code and architecture from a security perspective.
• Support and guide teams on secure development lifecycle (SDLC) practices.
• Work closely with developers during feature development and releases to ensure security controls are in place.
• Participate in threat modeling, vulnerability triage, and remediation tracking.
• Contribute to defining and evolving Lucidya’s application security strategy.

• Measurable reduction in application vulnerabilities, including findings from external security assessments.
• Clean and secure application releases with minimal critical or high-risk findings.
• Successful integration of security practices across SDLC pipelines.
• Improved security posture and readiness as validated by internal and external reviews.

• Gain a deep understanding of Lucidya’s system architecture, codebase, and security landscape.
• Identify key security gaps and prioritize remediation plans.
• Begin embedding security workflows into CI/CD and development processes.
• Establish trust and working relationships with engineering teams.