Application Security Engineer

EdgeConneX•Herndon, VA

1d•Hybrid

About The Position

Application Security Engineer EdgeConneX is seeking a skilled and experienced Application Security Engineer to join our team. The ideal candidate will have at least five years of hands-on experience in application security, a bachelor’s degree or higher in Computer Science or a related field, strong knowledge of secure coding practices and relevant professional certifications. You will be responsible for ensuring the security of our software applications throughout the development life cycle, working closely with developers, architects, and IT teams to identify, remediate, and prevent security vulnerabilities. This position reports to our Global Head of Cybersecurity and is based in Herndon, VA and provides flexibility for a hybrid onsite work schedule. There is a limited amount of travel needed for this position, but the flexibility to do so would be ideal.

Requirements

Bachelor’s Degree or higher in Computer Science, Information Security, or a related discipline
5+ years of professional experience in application security engineering in addition to educational background and internships
Strong knowledge of: AI, web and mobile application architectures and common vulnerabilities (e.g., OWASP Top 10).
Web application and API security
Authentication, authorization, and session management
Encryption and secure data handling
Experience with: Application security testing tools (SAST, DAST, SCA, IAST)
CI/CD pipeline integration and DevSecOps practices
Cloud-native application security (AWS, Azure, or GCP)
Hands-on experience with security tools such as Burp Suite, OWASP ZAP, SAST/DAST scanners, and similar.
Familiarity with secure coding practices in languages such as Java, C#, Python, or JavaScript.
Professional security certifications such as CSSLP, CISSP, CEH, GWAPT, OSCP, Cloud security certifications (AWS / Azure Security) or equivalent.
Excellent analytical, problem-solving, and communication skills.
Ability to work collaboratively in a team environment and manage multiple projects simultaneously and proactive approach to improving security
Strong documentation and reporting skills

Nice To Haves

Master’s Degree in a relevant IT field
Direct experience with cloud security and establishing DevSecOps practices
Knowledge of compliance frameworks such as PCI DSS, GDPR, or HIPAA
Experience with containers and Kubernetes security
Knowledge of Zero Trust and secure API gateways
Experience with bug bounty programs or red team collaboration
Contributions to open-source security projects or published research
Extensive penetration testing experience

Responsibilities

Conduct security assessments, code reviews, and penetration testing of web and mobile applications.
Integrate security into all phases of the SDLC, from design through deployment.
Perform application threat modeling, secure design reviews, and code reviews.
Implement and manage application security testing tools (SAST, DAST, SCA, IAST).
Collaborate with software development teams to integrate security best practices into the SDLC.
Identify, analyze, and remediate vulnerabilities using industry-standard tools and methodologies.
Develop and maintain security policies, standards, and guidelines for application development.
Monitor emerging threats, vulnerabilities, and security technologies to ensure proactive protection.
Provide guidance and training to developers on secure coding practices.
Participate in incident response activities related to application-level threats.
Prepare detailed security reports and documentation for stakeholders and compliance purposes.
Support compliance and audit requirements related to application security.
Perform Research & Development for AI Prompt Injection Attacks, Payloads for IoT devices (byte code may be required).