Application Security Engineer (REMOTE)

About The Position

Requirements

• Bachelor’s degree in a technical field (e.g., Computer Science, Information Systems, Cybersecurity).
• 5+ years of experience in Information Security, with at least 3 years focused on application security, secure development, or DevSecOps.
• Demonstrated experience building and scaling an application security program, either as the lead or a key contributor.
• Strong knowledge of OWASP Top 10, OWASP ASVS, SANS Top 25, and secure SDLC methodologies.
• Hands-on experience with application security testing tools such as Burp Suite, Fortify, Checkmarx, Veracode, and ZAP.
• Experience conducting threat modeling, penetration testing, secure software development, and secure architecture reviews.
• Practical experience securing cloud environments (AWS or Azure) and implementing cloud-native security controls.
• Familiarity with Kubernetes security, container hardening, and runtime protection.
• Strong communication skills with the ability to collaborate and influence across technical and non-technical teams.
• Must have an active passport and be willing to travel internationally.
• Problem management / resolution skills; project management skills; generally accepted security principles.
• Ability to analyze data, resources, and schedules to make decisions that affect a project on a regular basis.

Nice To Haves

• Relevant certifications such as CISSP, CSSLP, OSCP, GWAPT, CEH, or GIAC Cloud Security.
• Experience securing embedded systems and mobile applications.

Responsibilities

• Serve as a primary liaison between the Cybersecurity and development teams, ensuring security is integrated into design, development, deployment, and operations.
• Conduct application security assessments, code reviews, API testing, threat modeling, and penetration testing to identify vulnerabilities.
• Define, maintain, and enforce secure coding standards, patterns, and best practices.
• Integrate and manage security tooling within CI/CD pipelines, including SAST, DAST, SCA, IaC scanning, and container security solutions.
• Support secure architecture reviews for cloud‑native applications, microservices, and containerized workloads.
• Support threat modeling, risk assessments, and security architecture reviews for applications.
• Ensure that all security practices meet regulatory and compliance requirements.
• Develop and deliver cybersecurity training programs for development teams to promote awareness and adherence to best practices.
• Ensure application security practices align with regulatory and compliance frameworks (e.g., NIST CSF, ISO 27001, IEC 62443).
• Keep up to date on emerging threats, incorporating threat intelligence into security practices and providing proactive defenses.
• Monitor and respond to application security threats, incidents and vulnerabilities.
• Stay up to date on regulatory developments and industry trends.
• Manage and maintain third-party vendor and consultant relationships.
• Perform other duties as assigned.

Benefits

• Paid time off plus paid holidays
• Medical/dental/vision insurance plan
• Life insurance, short/long term disability, tuition reimbursement, flex spending, and employee stock purchase plan
• 401K plan