Application Security Engineer

About The Position

Requirements

• Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field is required, or equivalent combination of education and experience.
• 4 years of experience in application security engineering, software engineering, or related security-focused roles required.
• 3 years of hands-on experience identifying and qualifying application security vulnerabilities, preferably within web, financial services, or mobile application environments required.
• Experience with AWS, Git, and industry-standard application vulnerability platforms required.
• Proficiency analyzing application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) to identify security vulnerabilities.
• Strong technical knowledge of security vulnerabilities and standards (OWASP Top 10, CWE, CVSS scoring).
• Deep familiarity with authentication and authorization protocols (e.g., SAML, OAuth 2.0, JWT).
• Applied knowledge of cryptographic practices, including encryption standards, hashing algorithms, and authentication lifecycle management.
• Excellent analytical, communication, and coordination skills, with the ability to effectively manage and communicate security remediation tasks.
• Ability to maintain productivity and professionalism in remote or distributed team environments.
• Demonstrated passion for continuous security learning and staying updated on industry threats and trends.

Responsibilities

• Monitor and analyze security alerts and vulnerability reports, prioritizing and validating vulnerabilities for timely remediation.
• Maintain and optimize automated vulnerability scanning systems (SAST/DAST), ensuring comprehensive application security assessments.
• Coordinate and manage third-party penetration tests, bug bounty programs, and vulnerability assessments, responding effectively to findings.
• Collaborate cross-functionally to perform architectural and code reviews, delivering actionable recommendations for enhanced application security.
• Develop and maintain application threat models to inform proactive risk management and security posture improvements.
• Assist internal teams in vulnerability remediation using industry-standard tools (e.g., Veracode, Qualys, Rapid7, Burp).
• Support incident response activities, enabling rapid identification, containment, and resolution of application security incidents.
• Stay current on emerging security threats, vulnerabilities, and industry best practices, translating insights into practical guidance.
• Provide security expertise in risk management, compliance audits, and client communications to enhance the overall security posture.
• Perform other duties as assigned.

Benefits

• $120,000 - $130,000 a year