Application Security Engineer

$90K — $130K *
US-AnywhereRemote in United States
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 5+ years of experience in application security and vulnerability management
  • Strong understanding of secure coding practices and common security vulnerabilities
  • Proficiency with containerization technologies like Docker and Kubernetes
  • Experience with security testing tools such as Burp Suite and Fortify
  • Familiarity with DevSecOps principles and CI/CD security integration
  • Scripting skills in Python, PowerShell, or Bash for automation
  • Relevant certifications like CISSP and OWASP certifications are advantageous

Responsibilities

  • Partner with development teams to integrate security best practices in the SDLC
  • Conduct threat modeling and security architecture reviews
  • Identify and mitigate application vulnerabilities through various testing methods
  • Implement and manage application security tools and solutions
  • Ensure compliance with regulatory standards during application development
  • Collaborate with DevOps and IT to secure CI/CD pipelines
  • Design and oversee access control mechanisms for APIs and platforms
  • Develop standards for secure use of AI tools and code

Benefits

  • Opportunity to work with innovative security solutions
  • Collaborative environment with cross-functional teams
  • Focus on cutting-edge technologies within application security
  • Flexibility to adapt to evolving security challenges
  • Strong support for continued education and certifications
Full Job Description

Responsibilities

The Application Security Engineer plays a crucial role in securing our growing portfolio of applications. This role will focus on integrating security best practices into the Software Development Lifecycle (SDLC), ensuring compliance with regulatory requirements, proactively mitigating threats, and collaborating closely with developers to enhance the overall security posture of our applications.

  

As a subject matter expert in application security, the Application Security Engineer will lead the charge in finding and implementing innovative security solutions while ensuring the organizationremainsresilient against evolving threats. This individual will work closely with development and IT teams to embed security into application architecture, offer technical guidance to junior team members, and drive the implementation of security initiatives essential for meeting business and compliance needs.

  

Responsibilities

  • Partner with development teams to embed security best practices across the SDLC, including design, development, and deployment, andprovidesecure coding guidance
  • Conduct threat modeling and security architecture reviews toidentifydesign-level risks and implementappropriate securitycontrols
  • Identify, assess, and mitigate application vulnerabilities through a combination of automated (SAST/DAST) and manual code reviews, as well as penetration testing, and drive risk-based remediation
  • Implement and manage application security tools, including SAST, DAST, Software Composition Analysis (SCA), and other security scanning solutions
  • Ensure application security practices align with regulatory standards such as NYDFS, NIST, and OWASP guidelines
  • Partner with DevOps, IT, and security teams to integrate security into CI/CD pipelines and engineering workflows
  • Design and oversee the implementation of authentication, authorization, and access control mechanisms for APIs and platforms
  • Develop and enforce secure usage standards and governance for AI tools and AI-generated code, addressing risks such as prompt injection, data leakage, insecure code generation, and model misuse, while aligning with regulatory and industry standards
Qualifications
  • 5+ years of experience in application security, secure software development, and vulnerability management
  • Strong knowledge of secure coding practices, OWASP Top 10,OWASP Top 10 for LLMs, MITRE ATLAS,and common security vulnerabilities
  • Experience with containerization technologies such as Docker and Kubernetes, the principles of container operation, and their secure interaction
  • Experience with security testing tools (e.g., Burp Suite, Fortify, Veracode, or similar)
  • Experience with Black Duck/Polaris with Apex code (Salesforce) is a plus
  • Familiarity withDevSecOpsprinciples and integrating security into CI/CD pipelines
  • Direct experience with security tools such as vulnerability scanners, intrusion detection systems, and log analysis tools
  • Understanding of regulatory frameworks and compliance requirements (e.g., NYDFS, GDPR, SOC 2)
  • Ability in scripting and automation using languages such as Python, PowerShell, or Bashand leverage AI driven tools to streamline and enhance security process and workflows
  • Experience withBlackDuck/PolarisandApex code (Salesforce) is a plus
  • Relevant certifications such as CertifiedDevSecOpsEngineer, CISSP, OWASP certifications, GIAC GWAPT

#LI-CC1

Similar Jobs

More Jobs at

More Information Technology Jobs

Find similar Application Security Engineer jobs: