Application Security Engineer

Concora Credit Inc., Beaverton, OR
3d

About The Position

As an Application Security Engineer, you’ll help drive Concora Credit’s Mission to enable customers to Do More with Credit – every single day.

The impact you’ll have at Concora Credit:

We are seeking a highly skilled Application Security Engineer to strengthen our application and product security posture across web, mobile, and cloud-based platforms. The ideal candidate will have deep hands-on experience in secure application development practices, threat modeling, and vulnerability management — with a proven track record of sustained collaboration and communication with development teams and supporting security programs within the financial services industry and PCI DSS compliance environments. The candidate's success will depend on their ability to integrate with multiple teams and be a collaborative and guiding presence.

We hire people, not positions. That's because, at Concora Credit, we put people first, including our customers, partners, and Team Members. Concora Credit is guided by a single purpose: to help non-prime customers do more with credit. Today, we have helped millions of customers access credit. Our industry leadership, resilience, and willingness to adapt ensure we can help our partners responsibly say yes to millions more.

As a company grounded in entrepreneurship, we're looking to expand our team and are looking for people who foster innovation, strive to make an impact, and want to Do More! We’re an established company with over 20 years of experience, but now we’re taking things to the next level. We're seeking someone who wants to impact the business and play a pivotal role in leading the charge for change.

Requirements

  • 3-5 years of experience in Application Security, Secure Software Development, or related fields.
  • Solid understanding of OWASP Top 10, secure coding standards, vulnerability management, penetration testing methodologies, and common web/mobile vulnerabilities.
  • Hands-on experience with security testing tools (e.g., SonarQube, Tenable WAS, Burp Suite, OWASP ZAP, Veracode, or similar).
  • Experience integrating AppSec tools into DevOps pipelines (Azure DevOps, Git, etc.).
  • Experience performing or managing web application penetration tests using tools such as Burp Suite, OWASP ZAP, or manual techniques aligned with OWASP Testing Guide.
  • Strong familiarity with PCI DSS and other financial regulatory compliance frameworks.
  • Practical knowledge of web technologies (REST, JavaScript, HTML5, CSS, JSON) and at least one modern programming language (e.g., Java, C#, Python, JavaScript, Swift).
  • Experience securing mobile applications (iOS and Android) through static and dynamic analysis.
  • Excellent communication skills and ability to work cross-functionally with engineering and compliance teams.

Responsibilities

  • Collaborate daily with development and project teams, assisting developers and architects to ensure compliance with established security standards and secure design principles.
  • Identify, prioritize, and mitigate vulnerabilities based on OWASP Top 10, SANS CWE Top 25, and industry best practices.
  • Lead application security assessments and reviews for web, mobile, and API-based systems throughout the SDLC.
  • Collaborate with internal DevOps and other Dev teams to integrate, manage, and report on automated vulnerability scanning, SAST, DAST, and SCA platforms both as stand-alone tools and within CI/CD pipelines.
  • Partner with DevOps and engineering teams to embed security controls early in the development process (“shift left”).
  • Conduct secure code reviews and support developers in understanding and remediating findings.
  • Conduct and coordinate penetration tests for internal systems and web and mobile applications to validate vulnerability findings and assess real-world exploitability.
  • Champion secure coding practices and deliver targeted security training and awareness to engineering teams.
  • Perform threat modeling and risk assessments for new applications and system changes.
  • Support and maintain PCI DSS compliance as it relates to application security and data protection.
  • Collaborate with infrastructure and cloud security teams to ensure consistent protection across the technology stack.
  • Contribute to continuous improvement of the organization’s secure SDLC and AppSec frameworks.

Benefits

  • Medical, Dental and Vision insurance for you and your family
  • Relax and recharge with Paid Time Off (PTO)
  • 6 company-observed paid holidays, plus 3 paid floating holidays
  • 401k (after 90 days) plus employer match up to 4%
  • Pet Insurance for your furry family members
  • Wellness perks including onsite fitness equipment at both locations, EAP, and access to the Headspace App
  • We invest in your future through Tuition Reimbursement
  • Save on taxes with Flexible Spending Accounts
  • Peace of mind with Life and AD&D Insurance
  • Protect yourself with company-paid Long-Term Disability and voluntary Short-Term Disability

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 251-500 employees
