Application Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
• Five or more years of application security or security engineering experience.
• Strong understanding of OWASP Top 10, common vulnerability classes, and modern exploit patterns.
• Hands-on experience performing code review across at least two major languages.
• Deep familiarity with SAST, DAST, SCA, and CI/CD-integrated security tooling.
• Strong understanding of authentication, authorization, and cryptographic primitives.
• Experience with cloud security and modern infrastructure controls.
• Strong communication skills with technical and non-technical audiences.
• Proficiency in at least one programming language for tooling and automation.
• Experience working closely with engineering teams in an Agile environment.

Nice To Haves

• Industry certifications such as OSCP, OSCE, GWAPT, or CISSP.
• Experience with offensive security tooling and red-team operations.
• Bug bounty experience, public CVEs, or open-source security contributions.
• Familiarity with AI/LLM application security considerations.
• Exposure to regulated industries with strict compliance requirements.

Responsibilities

• Conduct threat modeling and security architecture reviews for new and existing applications and services.
• Perform manual code reviews, secure design consultations, and pair with engineering teams on hardening critical components.
• Operate and tune SAST, DAST, IAST, SCA, and secret-scanning tools across CI/CD pipelines.
• Drive vulnerability management workflows including triage, prioritization, owner assignment, and SLA tracking.
• Build paved-road libraries and frameworks that make secure patterns the default for engineering teams.
• Lead red-team and purple-team exercises against internal applications and drive remediation of identified weaknesses.
• Implement and operate runtime protections including WAF, RASP, bot protection, and abuse-detection mechanisms.
• Design and enforce secure authentication, authorization, session management, and cryptographic patterns.
• Partner with infrastructure and platform teams to harden container, Kubernetes, and cloud environments.
• Develop and deliver application security training, lunch-and-learns, and onboarding content for engineering staff.
• Respond to security incidents involving application vulnerabilities or active exploitation.
• Track and apply emerging threats and CVEs that may affect the application portfolio.
• Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time.
• Stay current with application security research and emerging defensive tooling.

Benefits

• Competitive base salary commensurate with experience, plus benefits.