Application Security Engineer

SmartRent, Phoenix, AZ

About The Position

The Application Security Engineer is responsible for supporting the security and privacy of the SmartRent platform through the management of information security risk, system resilience, and compliance activities. This role uses cloud-native and third-party security tools to protect company assets and data across multiple platforms. This role partners with engineering, development, and external stakeholders to implement and maintain security policies, processes, and standards, including secure software development lifecycle (SDLC) practices. Success in this role requires strong communication skills, the ability to coordinate across multiple technical teams, and the ability to support consistent security practices across the organization.

Requirements

  • 4–6 years of experience in application security, including development and maintenance of security policies and collaboration with engineering and release teams.
  • Experience identifying and remediating application vulnerabilities across modern programming languages, including Elixir, JavaScript, Ruby, Python, or similar languages.
  • Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including JWT and OAuth.
  • Hands-on experience with application security tools, including SAST, DAST, and SCA platforms (e.g., GHAS, Burp Suite, Fortra, or similar tools).
  • Experience working with cloud security controls, including AWS-native tools, web application firewalls (WAF), or similar technologies.
  • Experience managing or supporting vulnerability disclosure or bug bounty programs.
  • Strong written and verbal communication skills, with the ability to clearly communicate security requirements to technical teams.
  • Demonstrated problem-solving and analytical skills in identifying and mitigating application security risks.

Nice To Haves

  • Industry certifications such as CSSLP, GIAC GWAPT, CEH, or equivalent security certifications.
  • Experience working with Cloudflare, AWS security services, or similar cloud-native security tools.
  • Experience integrating security practices into SDLC processes.
  • Experience supporting threat modeling or application security architecture reviews.

Responsibilities

  • Develop and execute a comprehensive application security strategy aligned with business objectives and industry standards.
  • Maintain and advise on secure coding standards, security documentation, and application security processes.
  • Deliver application security and privacy training for development teams.
  • Review source code to identify security vulnerabilities, insecure patterns, secrets exposure, and risks associated with AI-generated code.
  • Triage, reproduce, and support remediation of application vulnerabilities (e.g., SQL injection, XSS, access control weaknesses) identified through automated tools (SAST, DAST, SCA) or manual analysis.
  • Manage application security workflows, including task prioritization, ticket tracking, and coordination with development and DevOps teams.
  • Maintain and enhance SmartRent’s responsible disclosure and vulnerability reporting program.
  • Partner with developers to implement encryption, hashing, and secure key management practices.
  • Collaborate with developers and engineering teams to perform threat modeling, identify attack paths, and assess weaknesses.
  • Lead the investigation and mitigation of application-level security incidents, collaborating with the SOC and engineering teams to ensure rapid remediation and stakeholder communication.
  • Provide guidance on security and privacy controls for cloud infrastructure (AWS), application development, and IoT hardware.
  • Conduct regular application risk assessments to identify vulnerabilities and emerging threats.
  • Research emerging cybersecurity risks and recommend mitigation strategies as appropriate.
  • Perform adversarial testing and security validation of applications, including internal AI models and services.
  • Use cloud-native security tools to identify and secure large language model (LLM) integrations and implement appropriate security guardrails.

Benefits

  • medical, dental, vision, and life insurance with low deductibles and 75–100% employer contributions
  • flexible and generous PTO
  • competitive 401(k) with employer contributions
  • paid parental leave
  • discounted insurance plans for pets
  • discounted legal services
  • employee stock purchase plan