Logo for Arcadia

Application Security Engineer

Role overview

Qualifications

  • 3–5 years of dedicated Application Security experience in a SaaS or cloud-native environment
  • Hands-on proficiency with at least two of the following: SAST, DAST, SCA, or CSPM tooling (e.g., Snyk, Checkmarx, Semgrep, Wiz)
  • Strong working knowledge of CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI) and the ability to write and maintain pipeline integrations
  • Experience with container security (Docker, Kubernetes) and API security patterns (REST, GraphQL)

Responsibilities

  • Own the end-to-end vulnerability management lifecycle: triage, prioritize, and drive remediation of findings from SAST, DAST, and SCA tooling in partnership with engineering squads
  • Maintain, optimize, and extend security tooling integrations within the CI/CD pipeline with the goal of automating everything that can be automated
  • Launch and run a Security Champions program, including workshops and office hours, to embed security knowledge directly into development teams across multiple geographies
  • Partner with Product and Engineering leadership to introduce security touchpoints earlier in the SDLC, including threat modeling and design review processes

Key facts

Other skills

  • Communication

About the company

Arcadia logo

Arcadia

Cleantech & Greentech: Green + Technology

Arcadia is a climate technology company enabling a zero-carbon economy. By unlocking high-fidelity, global energy data for the first time, the Arc platform combines easy-to-use data and APIs under one roof to allow any company to act on its environmental impact and build the next generation of energy products and climate tech solutions. Arc democratizes access to data from more than 9,500 utility providers in 52 countries, covering more than 95% of US residential and commercial utility accounts. Founded in 2014 on the belief that everyone deserves access to clean energy, Arcadia also manages the nation’s leading community solar program, helping to tackle energy injustice while spurring economic growth with more than 750MW of solar under management. Our team is made up of technologists, data scientists, and energy nerds working towards a single mission: stop climate change by breaking the fossil fuel monopoly and creating unprecedented access to energy data and renewable energy sources through our technology. Join us at www.arcadia.com/careers.

Company details

Company typeStartup
IndustryCleantech & Greentech: Green + Technology
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Arcadia is the AI-powered energy intelligence platform for businesses. We replace fragmented tools and manual workflows with one platform to pay utility bills, buy energy, and advance sustainability — across every location, at enterprise scale.

Trusted by Fortune 2000 companies, Arcadia combines unified data, AI-powered analytics, and expert advisory to help enterprise teams save money, mitigate risk, and cut carbon.  

We deliver this through three comprehensive solutions:

  • Utility Bill Management: Automating the entire utility bill lifecycle — from data capture and validation to payment processing and auditing.
  • Energy Procurement Advisory: Bringing together comprehensive data, AI-powered analytics, market expertise, and a strong partner network to make sophisticated procurement options accessible to all. .
  • Sustainability Reporting — Verified emissions data with seamless integration into leading sustainability platforms.

Tackling the world's most complex energy challenges requires diverse thinking. We're building teams of people from different backgrounds, industries, and disciplines — united by a belief that energy management should be simple, intelligent, and a genuine driver of business value.

What we're looking for:

We are seeking a technically hands-on Application Security Engineer to join the Information Security team. This individual will own the vulnerability management lifecycle across our SAST, DAST, and SCA tooling, integrate security automation into the CI/CD pipeline, perform threat modeling of product and engineering designs, and serve as a trusted advisor to our 300+ person engineering organization. The ideal candidate is a builder who would rather automate a finding than file a ticket, and who can explain a critical vulnerability to a junior developer without making them feel two inches tall.

Arcadia is headquartered in Washington, DC, and open to fully remote candidates.

#LI-REMOTE

What you'll do:

  • Own the end-to-end vulnerability management lifecycle: triage, prioritize, and drive remediation of findings from SAST, DAST, and SCA tooling in partnership with engineering squads.
  • Maintain, optimize, and extend security tooling integrations within the CI/CD pipeline with the goal of automating everything that can be automated.
  • Launch and run a Security Champions program, including workshops and office hours, to embed security knowledge directly into development teams across multiple geographies.
  • Act as the application-layer subject matter expert during security incidents, supporting triage, root cause analysis, and remediation.
  • Partner with Product and Engineering leadership to introduce security touchpoints earlier in the SDLC, including threat modeling and design review processes.

What will help you succeed:

Must-haves:

  • 3–5 years of dedicated Application Security experience in a SaaS or cloud-native environment.
  • Hands-on proficiency with at least two of the following: SAST, DAST, SCA, or CSPM tooling (e.g., Snyk, Checkmarx, Semgrep, Wiz).
  • Strong working knowledge of CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI) and the ability to write and maintain pipeline integrations.
  • Experience with container security (Docker, Kubernetes) and API security patterns (REST, GraphQL).
  • Demonstrated ability to communicate technical risk to non-security engineers in a way that drives action, not anxiety.

Nice-to-haves:

  • Experience standing up or maturing a Security Champions program.
  • Familiarity with cloud-native AWS security services (GuardDuty, Security Hub, IAM Access Analyzer).
  • Exposure to threat modeling frameworks (STRIDE, PASTA, or lightweight equivalents).
  • Relevant certifications (OSCP, GWAPT, CSSLP) — valued but not required.

Benefits:

  • "Remote first" culture - work anywhere in the US as long as you have a reliable internet connection
  • Flexible PTO - no accrued hours and no limit on the number of vacation days exempt employees can take each year
  • 12 annual holidays
  • 10 days sick leave
  • Up to 4 weeks bereavement leave
  • 2 volunteer days off
  • 2 professional development days off
  • 12 weeks paid parental leave for all parents
  • 75-95% employer cost coverage for medical, dental, and vision benefits for employees and dependents

Eliminating carbon footprints, eliminating carbon copies.

Here at Arcadia, we cultivate diversity, celebrate individuality, and believe unique perspectives are key to our collective success in creating a clean energy future. Arcadia is committed to equal employment opportunities regardless of race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, protected veteran status, or any status protected by applicable federal, state, or local law. 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation by emailing careers@arcadia.com prior to completing your application..

Target Annual Compensation Range for this role will be $131,250 to $235,156. There will also be a competitive benefits component to the package. The exact compensation at which this job is filled will be determined by the skills, experience, and location of the qualified candidate. Please note that we are unable to offer visa sponsorship for this position at this time.

Automated Screening Technology: To ensure a fair and timely review of the high volume of applications we receive, Arcadia may utilize AI-assisted technologies to help our team identify candidates who best meet the qualification criteria for this role (based on skills, experience, and education).

Please Note: Automated tools provide recommendations based on your resume content and application questions. While we may use automated screening for basic eligibility (e.g., visa status, location), employment decisions regarding qualifications are not made solely by AI without human oversight.

Data Privacy & California Residents: You voluntarily provide personal information (such as your resume, contact details, and assessment responses) when submitting an application. We may use this to evaluate your candidacy and derive inferences from this data to match your profile with open roles. For California Residents: This collection is consistent with the CCPA. You have the right to request access to or deletion of your data by contacting careers@arcadia.com.

Thank you

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at Arcadia

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.