Application Security Engineer / Senior AppSec Engineer
Role summary
We are seeking a skilled Application Security Engineer to join our technology team as a remote employee. This role is crucial for driving secure development practices and managing end-to-end application security testing, vulnerability management, and DevSecOps integration. You will perform application security assessments for web and API applications, integrate security into the Secure SDLC and DevSecOps pipelines, and conduct threat modeling. Key responsibilities include executing vulnerability scans, analyzing results from SAST, DAST, and manual testing, documenting findings, and providing remediation guidance. You will also integrate security tools into CI/CD pipelines, perform vulnerability validation, and support incident investigations. Proficiency in scripting and familiarity with tracking tools are essential.
Job Information
Date Opened
03/27/2026
Job Type
Full time
Remote Job
Industry
Technology
Job Description
This is a remote position.
We are seeking a skilled Application Security Engineer to drive secure development practices and manage end-to-end application security testing, vulnerability management, and DevSecOps integration. The role requires hands-on experience in SAST/DAST tools, vulnerability scanning, CI/CD security integration, and manual security testing across web and API-based applications.
Key Responsibilities
- Perform application security assessments for web and API applications
- Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
- Conduct threat modeling and security design reviews
- Execute vulnerability scans using tools like Tenable
- Analyze results from SAST, DAST, and manual testing
- Document findings including severity, exploitability, reproduction steps, and remediation guidance
- Integrate and maintain SAST/DAST tools within CI/CD pipelines
- Perform vulnerability validation, PoC development, and false-positive analysis
- Apply risk-based prioritization and track remediation to closure
- Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
- Maintain AppSec documentation, audit evidence, and compliance reports
- Track and report vulnerability metrics, scan coverage, and remediation status
Required Skills
- Strong experience in Application Security (Web & API Security Testing)
- Expertise in OWASP Top 10 vulnerabilities and remediation techniques
- Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
- Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
- Experience with vulnerability scanning tools (Tenable preferred)
- Knowledge of Secure SDLC and DevSecOps practices
- Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
- Proficiency in Python / Bash / PowerShell scripting
- Experience with CI/CD tools and pipeline security integration
- Familiarity with JIRA / ServiceNow or similar tracking tools
Preferred Qualifications
- Experience in manual penetration testing and exploit development
- Exposure to red team techniques and offensive security testing
- Experience in cloud environments (AWS / Azure / GCP)
- Knowledge of container and microservices security (Docker, Kubernetes)
- Experience supporting SOC 2, ISO 27001, or similar audits
Certifications (Preferred)
- OSCP / OSWE / GWAPT / eWPT
- CEH (Certified Ethical Hacker)
- CISSP / CSSLP
- AWS Security Specialty / Azure Security Engineer
- Certified Kubernetes Security Specialist (CKS)
Soft Skills
- Strong analytical and problem-solving skills
- Excellent communication and collaboration with engineering teams
- Ability to work in SLA-driven environments
- Detail-oriented with strong documentation skills