Application Security Engineer II
Role summary
AppFolio is seeking an Application Security Engineer II to join their security engineering team. This role involves working closely with developers to enhance application security, identify and fix vulnerabilities, and provide security guidance. The engineer will also improve the application security pipeline using AI and scripting, and mentor junior team members. A strong technical background in programming (Ruby or similar), CI/CD, threat modeling, application security testing tools, and enterprise Linux is required. Experience with AI/LLM technologies and security frameworks like OWASP ASVS is also necessary.
Hi, We’re AppFolio
We’re innovators, changemakers, and collaborators. We’re more than just a software company – we’re pioneers in cloud and AI who deliver magical experiences that make our customers’ lives easier. We’re revolutionizing how people do business in the real estate industry, and we want your ideas, enthusiasm, and passion to help us keep innovating.
The Application Security Engineer II will work closely with developers and other security team members to maintain and improve the security posture of AppFolio applications. They will contribute to security initiatives as an individual contributor and work on high-impact projects as a member of the security engineering team. This will be accomplished with computer programming experience, an understanding of common application security vulnerabilities, an ability to use security testing tools, and a strong passion for the technical aspects of information security.
Your impact
- Identify vulnerabilities in software applications and help get them fixed
- Provide security guidance and education to developers in order to build a strong security culture and bake security into products early
- Continuously improve tools and techniques in our application security pipeline using AI and scripting skills
- Mentor junior team members and contribute to their professional development.
Must have
- B.S. in Computer Science or equivalent work experience
- 3-5 years of work experience programming in Ruby or a similar language
- 3-5 years of work experience with a CI/CD pipeline
- 3-5 years of work experience with threat modeling or risk assessment
- 3-5 years hands-on work experience evaluating applications for OWASP Top 10 security risks and recommending fixes/mitigations
- 3-5 years hands-on work experience with an enterprise Linux command line
- 3-5 years hands-on experience with application security testing tools (SAST, DAST, SCA, Web Proxies like Burp or ZAP)
- 2-3 years hands-on experience evaluating applications for compliance with security frameworks like OWASP’s ASVS
- Familiarity with an MVC Framework like Rails
- Hands-on experience evaluating the risk of products that leverage AI/LLM technologies.
Nice to have
- Knowledge of networking principles
- Knowledge of databases and SQL
- Knowledge of cloud platforms and technologies
Compensation & Benefits
The base salary that we reasonably expect to pay for this role is: $125,000 - 150,000
The actual base salary for this role will be determined by a variety of factors, including but not limited to: the candidate’s skills, education, experience, etc.
Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.
Regular full-time employees are eligible for benefits - see here.
#LI-KB1
Similar roles
Application Security Engineer IINational Digital Trust Company · United States · Remote- Application Security Engineer IICredit Acceptance · Remote, United States · Remote
- Application Security Engineer IIAppFolio · Denver, Colorado, United States · Remote
- Application Security Engineer IIAppFolio · Illinois, United States · Hybrid
- Application Security Engineer IIAppFolio · California, United States · Hybrid
