Awardco

Application Security Engineer

Awardco$100K — $130K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years of application security or software engineering with a security focus
  • Hands-on experience securing multi-tenant SaaS applications on public cloud platforms
  • Strong understanding of web and API security fundamentals
  • Familiarity with the OWASP Top 10 and common vulnerabilities
  • Experience with modern programming languages like JavaScript, Java, C#, Python, or Go
  • Hands-on experience with SAST, DAST, and other application security tools
  • Understanding of CI/CD pipelines and integrating security testing into workflows

Responsibilities

  • Embed security checkpoints into development processes
  • Partner with engineering leads to ensure security is integrated into new features
  • Facilitate threat modeling for new services and APIs
  • Perform secure code reviews for high-risk features
  • Configure and tune security scanning tools to highlight real risks
  • Integrate AI-assisted security tools into developer workflows
  • Build and deliver secure coding training tailored to the tech stack

Benefits

  • Flexibility to develop and innovate without compromising security
  • Collaborative team environment emphasizing partnership across disciplines
  • Opportunity to mentor and train engineers in secure coding practices
  • Involvement in shaping the security culture throughout the organization
  • Prospects for continuous learning and application of modern security practices
Full Job Description
We9re looking for an Application Security Engineer joining our IT & Security team to build and mature our application security program as we continue to scale our SaaS platform. In this role, you9ll partner closely with product, engineering, and operations teams to design, build, and ship secure features - without slowing down creativity and innovation. You9ll own the secure software development lifecycle, lead security reviews for new capabilities, and help drive a culture where every engineer treats security as part of quality.

You9ll also play a key role in enabling developers, building the skills and tooling they need to own security in their code through secure coding guidance, training, and a strong Security Champions program. If you enjoy rolling up your sleeves, solving real-world security problems, and making cloud products safer by design, this role is for you.

What you will do:
  • Embed security checkpoints into planning, design, development, testing, and release processes.
  • Partner with engineering leads to ensure new features ship with security built in, not bolted on.
  • Facilitate threat modeling for new services, APIs, and integrations.
  • Recommend secure patterns and architectures for multi-tenant SaaS and cloud-native components.
  • Perform targeted secure code reviews for high-risk features and components.
  • Configure and tune SAST, DAST, dependency, and container scanning to reduce noise and highlight real risk.
  • Integrate and optimize AI-assisted application security tools (e.g., GitHub Advanced Security, Snyk, Wiz, or similar) within developer workflows to improve signal and remediation speed.
  • Help define and maintain secure coding standards and patterns used across engineering teams.
  • Triage, prioritize, and track remediation of application and API vulnerabilities across the stack.
  • Advise on secure use of authentication, authorization, cryptography, and data protection controls.
  • Help evaluate and integrate third-party services and SDKs from a security perspective.
  • Provide clear, technical explanations of findings, mitigations, and residual risk.
  • Build and deliver pragmatic secure coding training tailored to our tech stack and common issues.
  • Create playbooks, checklists, and self-service guidance for developers to help them ship secure code independently.
  • Champion a 4secure by default4 mindset across product and engineering.
  • Grow and enhance the Security Champions program, mentoring developers to act as local security advocates on their teams.
  • Assist with investigation and remediation for application-level security incidents.
  • Help improve detection, logging, and alerting for application and API misuse.
What you will bring:
  • 6+ years of experience in application security or in software engineering with a strong security focus for web applications or APIs.
  • Hands-on experience securing cloud-hosted, multi-tenant SaaS applications on a major public cloud platform.
  • Strong understanding of web and API security fundamentals (authentication, authorization, session management, data validation, encryption, multi-tenant isolation, etc.).
  • Deep familiarity with the OWASP Top 10, common vulnerability classes, and practical exploitation/remediation techniques.
  • Experience with one or more modern programming languages (for example: JavaScript/TypeScript, Java, C#, Python, or Go) and the ability to read and reason about production code.
  • Hands-on experience with application security tooling, such as Static analysis (SAST), Dynamic analysis (DAST), Dependency and container scanning, and API security testing tools or frameworks.
  • Experience working with modern and AI-assisted security tooling (e.g., GitHub Advanced Security, Snyk, Wiz, or similar) and integrating them into CI/CD pipelines to improve developer experience and reduce risk.
  • Solid understanding of CI/CD pipelines and how to integrate security testing into automated workflows.
  • Ability to translate complex security issues into clear, actionable guidance for engineers and product partners.
  • Comfortable balancing risk, user experience, and delivery timelines in a fast-moving environment.
  • Strong ownership mindset and Collaborative, low-ego approach with a focus on building trust and partnership across teams.
  • Demonstrated ability and desire to train and mentor developers in secure coding best practices, enabling them to confidently build and ship secure features over time.

Nice to Have (Bonus Points, Not Requirements)
  • Experience helping support or respond to external pen tests, bug bounty reports, or coordinated disclosure.
  • Background working with compliance or regulatory frameworks (e.g., SOC 2, ISO 27001, PCI DSS) from the engineering side.
  • Relevant security certifications (e.g., OSWE, OSCP, GWAPT, CSSLP) or an equivalent track record of hands-on work.

About Awardco

Awardco is an employee recognition and rewards platform that allows companies to recognize and reward their employees for their hard work and achievements. The company was founded in 2015 by Steve Sonnenberg and Brent Freeman. Awardco has offices in Provo, Utah and St. George, Utah. The company's mission is to help companies create a culture of recognition and appreciation.
Learn more about Awardco
Size
100 employees
Industry
Net Income
-$1 million
Founded
2015
5 Year Trend
+150%
Revenue
$5 million

Similar Jobs

More Jobs at Awardco

More Information Technology Jobs

Find similar Application Security Engineer jobs: