Senior Application Security Engineer

About The Position

Requirements

• U.S. citizenship and the ability to obtain a government clearance.
• 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
• Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
• Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
• Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
• Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
• Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
• Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
• Proven ability to define and drive high-level application security strategy and plans.
• Excellent communication skills for reporting findings and influencing outcomes.

Nice To Haves

• Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
• Prior experience testing in government or regulated environments

Responsibilities

• Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
• Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
• Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
• Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
• Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
• Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
• Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
• Support go-to-market efforts for highly regulated environments.

Benefits

• Competitive medical, dental, and vision coverage (including domestic partner coverage).
• Health Savings Account (HSA) options, 401(k) with a generous company match, company-paid Life, AD&D, Short-Term, and Long-Term Disability.
• Unlimited PTO, seven company holidays, & a company-wide week-long break at the end of each year, flexible working hours that support work-life balance
• LifeMart employee discount program
• Professional development opportunities and ongoing learning support