Responsibilities
Application Audit Logging & Compliance
- Design and implement comprehensive application-layer audit logging that captures all user actions, data modifications, access attempts, and business logic events to satisfy SOC 2 Type II and ISO 27001 requirements
- Build audit log schemas that include user identity, action taken, timestamp, source location, business context, and outcome for all security-relevant events
- Ensure tamper-proof audit trails with appropriate retention policies (7 years for regulatory compliance)
- Create audit log analysis and reporting tools for security teams and compliance auditors
- Integrate application logs with centralized monitoring infrastructure maintained by Platform Engineering team
Application Modernization & Refactoring
- Lead refactoring of existing Power Apps and Azure-based applications (.NET, JavaScript, TypeScript) to meet SOC 2 Type II and ISO 27001 compliance requirements
- Build and maintain application CI/CD pipelines using Azure DevOps with automated testing, security scanning (SAST/DAST), and controlled deployment workflows
- Implement application configuration management with drift detection for database connection strings, feature flags, and application settings
- Refactor applications to follow secure coding standards including OWASP Top 10 protections, input validation, and output encoding
- Ensure all application changes flow through proper change management with approval workflows and rollback procedures
Field Application Development
- Build and enhance field data collection applications that enable utility operators to enter asset data, inspection results, and operational metrics
- Develop mobile-responsive user interfaces for technicians working at water treatment plants, pumping stations, and distribution networks
- Create data visualization components for asset management and operational dashboards
- Integrate applications with Bronze/Silver/Gold data lake architecture for seamless data flow
Application Security & Privacy
- Embed security controls directly into application architecture following ISO 27001 A.8.28 (Secure Coding) standards
- Implement PIPEDA privacy requirements including consent management, data minimization, user access to personal data, and secure deletion capabilities
- Remediate security findings from automated security testing tools (SAST/DAST) in application code
- Participate in threat modeling sessions for new features and sensitive data flows
- Provide audit evidence for SOC 2 Type II assessments including application change logs, access logs, and security test results
Collaboration & Documentation
- Collaborate with Senior Platform Engineer on infrastructure integration points, log aggregation, and deployment procedures
- Document application architecture, security controls, and compliance mappings for audit readiness
- Participate in code reviews and mentor future engineering hires on compliance-first development practices
- Contribute to security awareness and compliance training materials for the development team
Qualifications
Required Education
- Bachelor's degree in Computer Science, Software Engineering, Information Systems, or related technical field
- OR equivalent professional experience (10+ years in software development may substitute for degree)
Required Experience
- 5+ years of full-stack application development experience with production systems
- Strong proficiency in .NET (C#) and modern JavaScript/TypeScript
- Proven experience building and maintaining RESTful APIs for user-facing applications
- Application CI/CD pipelines - experience using and maintaining automated build, test, and deployment pipelines
- Git version control with branch protection, pull requests, and code review workflows
- Application audit logging implementation - demonstrated experience capturing user actions, data changes, and access events for compliance or security purposes
Technical Knowledge
- Deep knowledge of .NET (C#) framework and modern JavaScript/TypeScript ecosystems
- Understanding of RESTful API design principles, authentication/authorization patterns, and secure API development
- Knowledge of relational database design, SQL optimization, and data access patterns (Entity Framework, Dapper, or similar ORMs)
- Understanding of secure coding practices including OWASP Top 10 vulnerabilities and remediation techniques
- Knowledge of CI/CD pipeline design, automated testing strategies, and deployment best practices
- Familiarity with Git workflows including branching strategies, merge strategies, and code review processes
- Understanding of cloud application architecture (Azure preferred; AWS experience transfers)
Compliance & Security Knowledge
- Understanding of SOC 2 Trust Services Criteria, particularly Security (CC6.1, CC7.1, CC7.2) and application-level control requirements
- Knowledge of ISO 27001 controls A.8.16 (Monitoring), A.8.28 (Secure Coding), and their practical implementation
- Understanding of audit logging requirements: what to log, how to structure logs, retention policies, and tamper-proofing techniques
- Knowledge of PIPEDA or similar privacy regulations and their impact on application design (consent, data minimization, user access rights)
- Familiarity with change management processes and audit evidence requirements
Technical Skills
- Proficiency in building full-stack applications using .NET (C#) for backend and React/JavaScript for frontend
- Ability to design and implement comprehensive audit logging frameworks that capture user actions, data changes, and access events
Preferred Qualifications
Preferred Education
- Master's degree in Computer Science, Software Engineering, or related field
- Security certifications such as CISSP, Security+, CEH, or GIAC
- Cloud certifications (Azure preferred): Azure Developer Associate, Azure Solutions Architect
- Compliance training or certifications related to SOC 2, ISO 27001, CMMC, or similar frameworks
Preferred Experience
- Compliance-driven development experience with SOC 2, CMMC, HIPAA, FedRAMP, ISO 27001, or similar regulatory frameworks
- React experience for modern web application development
- React Native or cross-platform mobile development experience
- Power Apps (Canvas or Model-driven) or other low-code/no-code platforms
- IoT, SCADA, or industrial systems application development
- Field data collection or mobile workforce application experience
Compensation Range
$140,000 to $150,000 per year. This is the lowest to highest pay range we in good faith believe we would pay for this role at the time of this posting. We may ultimately pay more or less than the posted range, and the range may be modified in the future. An employee’s pay within the range will be based on several factors including, but not limited to, relevant education, qualifications, certifications, experience, skills, seniority, geographic location, performance, and business or organizational needs.
Other Compensation and Benefits
Carollo is committed to providing employees with a competitive, comprehensive benefits program that provides the support employees and their families need to lead healthy, productive lives. Carollo’s benefits package includes paid time off and holidays, comprehensive health insurance coverage, pre-tax savings account options for healthcare, dependent care and commuter expenses, disability insurance and life insurance options for you and your dependents. We also offer free Caregiver Support, Travel Assistance, counseling services, discount programs, and a Lifestyle Reimbursement Account. Other compensation that may be available includes: 401(k) company contribution matching, tuition reimbursement, discretionary bonuses, career advancement bonuses, professional registration bonuses, employee referral bonuses, and compensatory time for exempt employees. Flexible work arrangements may also be available. Eligibility for benefits varies based on employment status.