Sr. Application Security Engineer
About The Position
The Senior Application Security Engineer is responsible for advancing the security, integrity, and resilience of enterprise applications through automation-first security practices, vulnerability management, and secure software development integration. This role focuses heavily on leveraging RPA and automation to scale security operations, embed controls into CI/CD pipelines, and drive measurable risk reduction across the organization. The ideal candidate combines deep cybersecurity and application security expertise with strong automation and engineering skills, enabling them to design practical, scalable solutions that integrate seamlessly into modern development environments.
Requirements
- 5–7 years of experience in application security, cybersecurity engineering, or secure software development
- Must be able to obtain and maintain a favorable contractor fitness determination.
- Strong expertise in secure coding practices, OWASP Top 10, threat modeling, and vulnerability management
- Hands-on experience with application security tools (SAST, DAST, SCA, API security testing)
- Experience integrating security into CI/CD pipelines (DevSecOps practices)
- Experience with or exposure to RPA platforms (UiPath, Automation Anywhere, Blue Prism)
- Knowledge of API security, authentication, and authorization mechanisms (OAuth2, SAML, JWT)
- Experience with security monitoring and logging tools (Splunk, CloudWatch, etc.)
Nice To Haves
- Experience with process automation of security workflows (SOAR tools or custom automation frameworks)
- Familiarity with cloud security architectures (AWS, Azure, GCP)
- Knowledge of software supply chain security tools (e.g., NexusIQ, Snyk)
- Experience working in regulated environments (NIST, FISMA, Zero Trust)
Responsibilities
- Lead the implementation of application security practices across the SDLC, including secure coding, threat modeling, and vulnerability management
- Design and deploy automated security controls within CI/CD pipelines (SAST, DAST, SCA, secrets scanning, policy gates)
- Leverage RPA and automation tools to streamline vulnerability detection, triage, reporting, and remediation workflows
- Conduct application security assessments, including code reviews, dynamic testing, and manual analysis
- Identify, prioritize, and remediate application and API vulnerabilities aligned with OWASP Top 10 and modern threat landscapes
- Partner with engineering, DevOps, and product teams to implement secure-by-design and DevSecOps practices
- Integrate security into release pipelines, ensuring continuous monitoring, scanning, and compliance enforcement
- Support and improve the vulnerability management lifecycle, including metrics, reporting, and risk-based prioritization
Benefits
- Flexible PTO Policy + 11 Paid Holidays
- Flexible Work Schedules (Remote / Hybrid)
- Medical / Dental / Vision / Flexible Spending Account (FSA)
- 401k Plan with Match
- Tuition & Professional Development Support
- Commuter Benefits
- Bonus & Employee Referral Programs
- Career Growth Opportunities
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
Number of Employees
11-50 employees
