The Application Security Engineer will report to the Staff Security Engineer and will be responsible for advancing application security capabilities as part of a DevSecOps operating model. This role focuses on embedding security controls, automation, and secure development practices directly into the software delivery lifecycle for cloud-based applications.
The Application Security Engineer will partner closely with software engineering, DevOps, and cloud teams to shift security left, improve vulnerability detection and remediation workflows, and reduce risk without slowing delivery. This position emphasizes hands-on application security engineering, security tooling integration, and developer enablement across applications deployed in AWS and Azure environments.
Purpose/Impact: (Duties & Essential Functions)
Application Security & Secure SDLC
- Embed application security practices into all phases of the software development lifecycle (SDLC), from design through deployment and maintenance
- Perform application security assessments including static code analysis (SAST), dynamic testing (DAST), and software composition analysis (SCA)
- Develop and maintain threat models for critical systems and applications, collaborating with engineering teams to identify threats, assess risk, and drive remediation efforts
- Promote secure coding practices and contribute to secure development standards aligned with OWASP and industry best practices
DevSecOps Enablement & Automation
- Partner with engineering and DevOps teams to integrate security tooling into CI/CD pipelines, enabling automated and repeatable security testing
- Analyze and manage vulnerability findings from tools such as GitHub Dependabot, application scanners, and cloud-native security services
- Help tune security tooling to reduce false positives and improve signal quality for development teams
- Support the adoption of security automation to improve consistency, efficiency, and scalability across application environments
Cloud & Platform Security Collaboration
- Assist in securing applications deployed across AWS and Azure, including workloads running on IaaS, PaaS, and container-based platforms
- Identify risks to the confidentiality, integrity, and availability of application data hosted in cloud-based environments
- Collaborate with cloud and platform security engineers to ensure application security controls align with broader cloud security architecture
Risk Management, Monitoring & Response
- Triage, prioritize, and track remediation of application vulnerabilities based on risk and business impact
- Assist in security investigations involving application vulnerabilities or security events
- Participate in periodic reviews of application security controls to validate effectiveness and compliance with organizational standards
Collaboration & Continuous Improvement
- Act as a security partner to engineering teams by providing guidance, education, and actionable recommendations
- Contribute to the continuous improvement of application security processes, standards, and metrics
- Support governance, risk management, and compliance initiatives as they relate to application security
Strengths and Background
- Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field
- 3-5 years of experience in application security, security engineering, or software engineering with a strong security focus
- Hands-on experience performing code reviews and application security testing across modern languages, frameworks, and APIs
- Experience working with application security tools such as SAST, DAST, and dependency scanning (e.g., GitHub Dependabot or similar)
- Strong understanding of OWASP Top 10, secure coding principles, authentication/authorization, and API security
- Practical experience supporting applications running in AWS and/or Azure cloud environments
- Familiarity with CI/CD pipelines, DevOps workflows, and DevSecOps concepts
- Ability to communicate security risks and remediation guidance clearly to developers and non-security stakeholders
- Strong analytical skills with the ability to balance security risk with delivery velocity
Preferred certifications include: Security+, CSSLP, GWAPT, GWEB, CEH, or other application security-focused certifications
What's in it for you?
We offer a competitive salary along with exceptional benefits such as:
- Medical, Dental and Vision Coverage
- Hybrid Work Environment
- Life and Disability Insurance
- Unlimited Time off + Paid Holidays
- Flexible Fridays between Memorial Day and Labor Day
- 401(K) Savings Plan Matching at 4%
- 10 Coaching and Therapy sessions
- Mental Health Benefits
- Brand Discounts & Reimbursements
- In-house workout facilities
- Professional Development Opportunities
- Team Building, Employee Engagement Activities & so much more
WORK SCHEDULE
Purpose Brands LLC currently observes the following hybrid work model for employees at our Boca Raton (FL), Woodbury (MN), and Seattle (WA) offices:
- Remote optional: Fridays
- On-site days: Mondays, Tuesdays, Wednesdays and Thursdays