Application Security Engineer

Stefanini Group-posted 3 days ago
Full-time • Mid Level
Hybrid • Atlanta, GA
5,001-10,000 employees
Resume
Match Score
Upload and Match ResumeTrack Jobs with Teal

As a key member of our Internal Product Security Engineering team, you will lead penetration-testing engagements for high-scale web applications and APIs, validating security controls and uncovering exploitable weaknesses. In parallel, you will conduct structured threat-modeling workshops and security-design reviews for new features and services, managing each engagement from scoping to remediation follow-up in close partnership with engineering and cross-functional stakeholders. The insights you provide will drive prompt fixes and shape the organization's long-term security roadmap.

  • Penetration Testing Plan, execute, and document manual and tool-assisted tests for enterprise-scale web apps and REST/GraphQL/gRPC APIs.
  • Demonstrate exploitation paths (auth / logic / data exposure) and develop proofs-of-concept.
  • Retest remediations and deliver clear, prioritized reports.
  • Facilitate formal and informal Threat Modeling using STRIDE-like frameworks or Attack-Tree sessions for new or significantly modified services.
  • Produce risk artefacts, recommend mitigations, and track closure of findings.
  • Champion secure-by-default patterns (least privilege, IaC hardening, SDL best practices) across the SDLC.
  • Contribute to internal security tooling and CI/CD guardrails.
  • Bachelor's degree in Computer Science, Engineering, or equivalent practical experience.
  • 4 + years in product or application security engineering with hands-on web/API penetration-testing work.
  • Expertise with a leading pentest platform (Burp Suite Pro, OWASP ZAP, Nuclei, etc.).
  • Scripting/automation ability in Python, Go, or similar; quick at reading unfamiliar codebases.
  • Practical experience with STRIDE or comparable threat-model frameworks.
  • Familiarity with cloud-native environments (microservices, Kubernetes, serverless).
  • Exceptional written and verbal skills for both technical and non-technical audiences.
  • Offensive-security certifications (OSCP, OSWE, OSWA, BSCP).
  • Secure-coding experience in languages such as: Java, Node.js, C#, Python, or Rust.
  • Experience in security controls for cloud platforms such as AWS, Azure, or Google Cloud.
  • Open-source contributions, bug-bounty recognitions, or CTF placements.
  • Exposure to mobile or desktop application security.
  • Knowledge of or interest in AI security controls and testing.
  • Maintains professionalism under pressure.
  • Meticulous eye for detail.
  • Self-driven and proactive.
  • Thrives on complex challenges.
  • Dependable, cooperative team player.
Track Jobs with Teal

Job Search Resources

AI Resume Builder
Application Engineer Resume Examples
Application Engineer Cover Letter Examples

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service