Application Security Engineer

Wolfe, LLC

$110K — $120K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • 2+ years in application security, DevSecOps, or software development with security exposure, with a relevant degree or equivalent experience.
  • Strong understanding of secure coding principles (OWASP Top 10, SANS CWE Top 25) with a coding background.
  • Hands-on exposure to CI/CD pipelines and an interest in integrating security tools into them.
  • Excellent verbal and written communication skills for diverse audiences.
  • Willingness to learn enterprise security tools; experience with tools like SAST/DAST is a plus, not a requirement.
  • No certifications required; support offered for CISSP, OSCP, AWS Security Specialty, and more.

Responsibilities

  • Perform code reviews and security testing, collaborating with developers to fix vulnerabilities.
  • Integrate automated security tools in CI/CD pipelines and automate findings triage and reporting.
  • Manage and track the vulnerability management program and Bug Bounty submissions.
  • Enhance Bot Management and API security controls across applications.
  • Promote secure coding standards and measure DevSecOps maturity using frameworks.
  • Collaborate with various teams to share secure coding and vulnerability management practices.

Benefits

  • Restricted Stock Units (RSUs)
  • Profit Share and/or Incentive Bonus
  • Comprehensive health insurance (Wolfe covers 80% of premiums)
  • 100% company-paid Short-Term Disability Insurance
  • Voluntary Long-Term Disability, Life Insurance, and other coverages
  • Paid Time Off (PTO) and holidays
  • 401(k) plan
  • Employee recognition program and referral bonuses
  • Tuition reimbursement and internal training sessions
  • Engagement in family and cultural events like picnics and holiday parties

Full Job Description

Application Security Engineer

Department: Security

Employment Type: Full Time

Location: Pittsburgh, PA

Compensation: $110,000 - $120,000 / year

Description

About The Role

Wolfe is a Pittsburgh-based FinTech company building the next generation of financial products, and we are actively embedding AI across our product, our internal processes, and the way our teams work day-to-day. As an Application Security Engineer, you'll work hands-on alongside developers and DevOps engineers to build security into how we ship software - reviewing code, improving AI agent behaviors, hardening CI/CD pipelines, and helping teams find and fix vulnerabilities across application code, containers, and cloud infrastructure. This role is built for growth: whether you're a developer moving into security or an early-career security engineer expanding into application security, you'll learn enterprise security tooling - including AI/ML and LLM-powered tools - with support to earn certifications and grow alongside a security team that mentors in person.

We're looking for candidates who are enthusiastic about an in-office culture. This is a 5-day onsite role in Pittsburgh, PA.

Responsibilities
  • Perform code reviews, SAST/DAST testing, basic penetration tests, and basic threat modeling, and work with developers to remediate vulnerabilities across application code, libraries, containers, and infrastructure as code.
  • Integrate and run automated security tooling (such as Snyk, Semgrep, or Cycode) within CI/CD pipelines across code repositories (such as GitHub, GitLab, Jenkins, or AWS DevOps), and help automate findings triage and reporting.
  • Manage a vulnerability management program, vulnerability scanning tools and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs.
  • Help operate and improve Bot Management, WAF, secrets management, and API security controls across Wolfe's applications.
  • Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to measuring DevSecOps maturity using a framework such as DSOMM or BSIMM.
  • Partner with developers, security operations, product management, and incident response teams, sharing secure-coding and vulnerability-management practices as you grow your own expertise.


Impact Statement

For more clarity on the role, below are the success metrics and measurements for the first 90 to 120 days:
  • Update the existing Application Security Strategy and improve monitoring and reporting on KPIs.
  • Make a significant improvement to at least one automated security tool (DAST, SAST, SCA, or container scanning) in the production CI/CD pipeline, with results feeding a documented triage workflow.
  • Drive additional Bug Bounty submissions and improve bot management tuning and protections prior to the end of Q3.
  • Provide product and technology advisement and testing for new application and AI functionality.
  • Develop and plan a purposeful Application and AI development training program.


Qualifications
  • 2+ years of experience in application security, DevSecOps, or software development with security exposure - including developers looking to move into a dedicated security role - plus a Bachelor's in Information Security, Cybersecurity, Computer Science, or a related field (equivalent experience accepted in lieu of a degree).
  • A real coding background and working knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25).
  • Some hands-on exposure to CI/CD pipelines (GitHub, GitLab, Jenkins, or AWS DevOps) and an interest in integrating security tooling into them.
  • Strong verbal and written communication skills, with the ability to explain security concepts to both technical and non-technical teammates.
  • Eagerness to learn enterprise security tooling (vulnerability scanners, Bot Management, SAST/DAST/SCA) and maturity frameworks like DSOMM or BSIMM - deep prior experience with these is a plus, not a requirement.
  • No certifications required; experience with CISSP, OSCP, GCSA, AWS Security Specialty, or CSSLP is a plus, and we'll support you in earning them.


Compensation, Benefits, and Perks

Wolfe is committed to providing a comprehensive benefits package to support your well-being, along with competitive compensation. Our benefits and perks include, but are not limited to:
  • Restricted Stock Units (RSUs)
  • Profit Share and/or Incentive Bonus
  • Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
  • Short-Term Disability Insurance (Wolfe pays 100% of premium)
  • Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
  • PTO (vacation and sick time)
  • Corporate Holidays and Floating Holidays
  • 401(k)
  • Employee recognition program
  • Charitable Donation to a charity of your choice yearly
  • Employee Referral Bonus
  • Tuition Reimbursement
  • Internal Training and Information sessions
  • Family Picnic, Holiday Party, and other outings
  • Internal Culture Club
