AppSec Security Engineer

Ares Management Corporation

$240K — $270K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Proficient in SAST/SCA/DAST tools and container/IaC scanning
  • Hands-on with various CI/CD tools (e.g., GitHub Actions, Azure DevOps)
  • Experienced with Terraform, Kubernetes, and cloud security, preferably Azure
  • Hands-on application security experience with knowledge of OWASP vulnerabilities
  • Strong skills in threat modeling and collaboration with Product and Engineering teams
  • Experience in developing security tooling or automation solutions
  • Ability to effectively communicate risks to engineering teams

Responsibilities

  • Embed security into CI/CD pipelines using various scanning tools
  • Develop secure infrastructures as code patterns using Terraform and similar tools
  • Establish secure coding standards and reusable libraries with engineering teams
  • Integrate AI-driven assistance to enhance security review processes
  • Lead security design and threat modeling sessions with cross-functional teams
  • Evaluate API designs for security vulnerabilities
  • Drive improvements in application security coverage and tooling

Benefits

  • Comprehensive Medical/Rx, Dental, and Vision plans
  • 401(k) program with company match
  • Flexible Savings Accounts (FSA) and Healthcare Savings Accounts (HSA)
  • Basic and Voluntary Life Insurance
  • Long-Term and Short-Term Disability insurance
  • Employee Assistance Program (EAP)
  • Access to a world-class medical advisory team
  • Financial wellness benefit including an advisor
  • Matching gift program and education sponsorship program
  • Additional support for new parents, reproductive health, and emergency childcare
Full Job Description
Job Description

Job Family: Cybersecurity Engineering

REPORTING RELATIONSHIPS

Reports to: Cybersecurity Engineering Manager

Direct Reports: None

POSITION SUMMARY STATEMENT

We are seeking an experienced Application Security Engineer to build, mature, and scale our AppSec program. In this role, you will embed directly with our Product and Engineering teams to secure both our third-party SaaS applications and our home-grown applications. You will serve as a trusted security consultant and a hands-on engineer. You will review complex API designs, threat model new features, and build custom security tooling. You will play a critical role in defining security development standards from scratch and automating security controls directly into our CI/CD pipelines.

We're seeking someone who is excited to bring an automation-first mindset and who knows how to balance developer needs with risk-informed pragmatism. You will bridge security, development and operation cultures by translating between development who want speed, security teams who want safety, and operation teams who want stability.

We value diverse backgrounds, perspectives, and experiences, and we are committed to building a team where everyone feels they belong. We especially encourage candidates from underrepresented communities in cybersecurity and technology to apply. Our interview process focuses on problem-solving ability, practical skills, and collaborative mindset.

DETAILED RESPONSIBILITIES/DUTIES

You will help advance our automation-first engineering strategy by designing and maintaining the foundational systems that enable secure, reliable, and scalable software delivery across the organization.

Engineering and Development
  • Pipeline Integration: Embed SAST, SCA, DAST, container/IaC scanning, and secret detection tools into pipelines for home-grown apps.
  • Infrastructure as Code: Develop secure IaC patterns using Terraform, Helm, and Kustomize.
  • Build Security Tooling: Partner with engineering teams to establish and champion secure coding standards, creating reusable security patterns and libraries that make it easier for developers to build securely by default
  • AI-empowered Review Assistance: Integrate and leverage AI agents to help increase velocity for the security team and the overarching engineering org to ensure that we are proactive in minimizing risk while we build products

Architecture & Design Consultation
  • Security Design & Threat Modeling: Lead security design and threat modeling sessions based on OWASP Top 10 and Mitre & Attack with Product and Engineering teams during early software design phases
  • API Security Evaluation: Review API designs and integrations to eliminate authentication anti-patterns, token mismanagement, and injection risks.
  • Cloud & Container Security: Define and validate security controls for Azure and Kubernetes to mitigate application-layer risks.

Collaboration & Governance
  • Program Maturation: Define AppSec coverage, tooling, and assessment processes from scratch across our application landscape. Own and evolve our application security program including establishing and maintaining SAST/DAST scanning in CI/CD pipelines, conducting security code reviews for critical changes, and building automation that catches vulnerabilities before they reach production
  • Stakeholder Management: Partner with engineering teams and stakeholders to remediate vulnerabilities and drive long-term improvements in secure coding practices


  • Risk Communication: Translate complex security risks into clear, actionable engineering requirements for development teams


SUPERVISORY RESPONSIBILITIES

None

Required Qualifications
  • Proficient in SAST/SCA/DAST, container/IaC scanners, and secret scanning into pipelines
  • Hands-on with one or more CI/CD stacks (GitHub Actions, GitLab CI, Azure DevOps, Jenkins)
  • Proficient in Terraform/IaC, Kubernetes, and cloud provider security (Azure preferred)
  • Significant hands-on application security experience, , including expert knowledge of established standards (OWASP Top 10, API Security Top 10, OWASP LLM Top 10) and how common vulnerability classes manifest in production systems
  • Strong Threat modeling and security review experience with Product and Engineering teams
  • Experience building security tooling or automation (scripts, pipelines, libraries)
  • Familiarity with Azure and Kubernetes security controls as they relate to application-layer risks
  • Demonstrated experience reviewing API designs and implementations for auth anti-patterns, token mismanagement, injection risks, and sensitive data exposure
  • Experience building or maturing an AppSec program where coverage, tooling, or process needed to be defined from scratch
  • Familiarity with OIDC workload identity, artifact registries, and software supply chain controls
  • Clear communicator who can translate risk into engineering work

Preferred Qualifications
  • Built policy gates with OPA/Gatekeeper or Kyverno; authored custom policies.

Education
  • Bachelor's degree, relevant technical training, or equivalent hands-on experience. We welcome candidates with nontraditional educational paths.
  • Azure Security Certification is preferred
  • Advanced certifications in cloud and AI security are a plus.

LEADERSHIP REQUIREMENTS
  • Strong sense of ownership, accountability, and attention to detail.
  • Ability to manage competing priorities and deliver results in a dynamic environment while maintaining healthy work practices.
  • Proven track record of developing and maintaining structured processes that support efficiency, scalability, and rapid business growth.
  • Inclusive leadership style; ability to work effectively with collaborators who have diverse backgrounds, communication styles, and technical strengths.
  • Curiosity and a growth mindset, with the ability to adapt approaches to evolving technology landscapes.
  • Strong communication skills for bridging technical and business perspectives.
  • Role requires occasional coordination with global teams; we support flexible scheduling to accommodate individual needs.
  • The team supports different communication and work styles.

Why Join Us

You will have the opportunity to define foundational controls for rapidly expanding cloud and AI environments, influence enterprise-wide security strategy, and collaborate with highly skilled engineering and security teams across the organization. Your work will directly safeguard the platforms that power next-generation innovation in one of the industry's most dynamic environments.

We are committed to equitable hiring. Candidates may qualify through a combination of education, training, lived experience, or self-directed learning. If you're excited about the role but don't meet every listed requirement, we encourage you to apply.

Reporting Relationships
Principal, Cybersecurity Platform Engineering

Compensation

The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.

$240,000 - $270,000

The firm also offers robust Benefits offerings. Ares U.S. Core Benefits include Comprehensive Medical/Rx, Dental and Vision plans; 401(k) program with company match; Flexible Savings Accounts (FSA); Healthcare Savings Accounts (HSA) with company contribution; Basic and Voluntary Life Insurance; Long-Term Disability (LTD) and Short-Term Disability (STD) insurance; Employee Assistance Program (EAP), and Commuter Benefits plan for parking and transit.

Ares offers a number of additional benefits including access to a world-class medical advisory team, a mental health app that includes coaching, therapy and psychiatry, a mindfulness and wellbeing app, financial wellness benefit that includes access to a financial advisor, new parent leave, reproductive and adoption assistance, emergency backup care, matching gift program, education sponsorship program, and much more.

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.

Similar Jobs

More Jobs at Ares Management Corporation

More Information Technology Jobs

Find similar AppSec Security Engineer jobs: