Associate Application Security EngineerNorth - RemotePlease Note: Only candidates located in the Eastern or Central Time zone will be considered.North is a US based company and this role is not eligible for current or future sponsorship.Join our security team as an Associate Application Security Engineer and play a hands-on role in defending cloud infrastructure, networks, and modern web applications using enterprise-level tools. In this role, you will develop your expertise in vulnerability assessment and threat research while collaborating closely with engineering teams to drive timely and effective remediation. You'll leverage automation, scripting, and data analysis to scale security testing, reduce risk, and continuously monitor critical assets.
This is an excellent opportunity for an early-career security professional looking to grow their skills in a fast-paced, collaborative environment.What you'll do:- Application protection and defense, recommend configuration changes, adjustments and enhancements for web application protection controls and monitor for and report on abnormal events.
- Coordinate with application and infrastructure teams to ensure effective protections and responses.
- Conduct application assessments and security tests together with the testing team. Maintain, add, enhance, and expand the scope of application assessments and penetration tests.
- Use augmented instruments and tools for application assessments and evaluations.
- Document, triage and track vulnerabilities and exposures as well as assisting and advising on remediation.
- Identify and track risks and exposures, create leads for assessments
- Document and maintain operational processes and procedures.
What we need from you:- Bachelor of Science in Cybersecurity, Computer Science, or an allied technical discipline, complemented by equivalent professional expertise.
- Experience with web vulnerabilities, web attack paths, and web vulnerability remediation in modern web frameworks
- Experience with cloud platforms (AWS, Azure, GCP) and their native security tools
- Experience with security testing tools such as BurpSuite, nmap, Metasploit, and security testing distributions such as Kali Linux
- Experience with data analysis and SIEM tools (e.g., Grafana, Opensearch, CS NextGen SIEM) for log analysis and monitoring
- Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs)
- Basic scripting knowledge using Python, Bash, and PowerShell
- Comfortable using terminals, scripting, and automation for WAF automation use-cases
- Ability to translate complex technical vulnerabilities, threat impact, and remediation urgency into actionable, risk-prioritized reports for both technical and non-technical stakeholders
How to stand out (preferred):- Relevant industry certifications and qualifications (e.g., CompTIA Security+, CEH, OSCP, or equivalent) are a plus
- Experience executing penetration testing aligned with OWASP Top 10 standards and modern browser security baselines
- Experience partnering with engineering teams on vulnerability remediation, including CSP rules, secure CORS origins, and HSTS enforcement
- Experience developing novel testing methodologies to bypass or harden application-layer defenses
- Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines
- Ability to refine automated security tools to reduce false positives and ensure continuous monitoring of critical web assets
- Experience conducting security research and threat intelligence to advance organizational defenses
- Knowledge of hardened security configurations including CSP rules, secure CORS origins, and strict HSTS enforcement
Salary range: $90,000-$125,000Pay within this range varies by work location and on job-related knowledge, skills, and experience. We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process.
Please note: North is a US based company and no sponsorship is available for this position at this time.
