Senior Application Security Engineer

CertiPath Inc, Reston, VA
Hybrid

About The Position

At CertiPath, you’ll join a fast-moving team with a meaningful mission, delivering high-assurance identity and trust solutions that matter. We are seeking a Senior Application Security (AppSec) Engineer to strengthen our security posture across our TrustSuite products, driving positive customer impact and rapidly innovating and optimizing application security across traditional and cutting-edge AI-enabled environments. This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization. This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support. This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level.

Requirements

  • U.S. citizenship and the ability to obtain a government clearance.
  • 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
  • Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
  • Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
  • Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
  • Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
  • Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
  • Demonstrated experience with AI-enabled testing tools and technologies, using frontier AI capabilities (e.g., Anthropic Claude, xAI Grok).
  • Proven ability to define and drive high-level application security strategy and plans.
  • Excellent communication skills for reporting findings and influencing outcomes.

Nice To Haves

  • Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
  • Prior experience testing in government or regulated environments

Responsibilities

  • Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
  • Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
  • Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
  • Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
  • Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
  • Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
  • Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
  • Support go-to-market efforts for highly regulated environments.

Benefits

  • health, dental, and vision coverage
  • a Health Savings Account plan
  • a 401(k) plan with a generous employer match
  • an unlimited PTO policy
  • seven company holidays
  • a week-long break at the end of each year