Senior Application Security Engineer

CertiPath, Inc.

$120K — $150K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • U.S. citizenship and ability to obtain government clearance
  • 7+ years in application security and penetration testing focused on AI
  • Strong offensive security background with experience in advanced penetration testing
  • Certifications such as OSCP, GPEN, or related advanced certifications
  • Strong expertise in OWASP Top 10, enterprise security standards, and FedRAMP
  • Hands-on experience with commercial AppSec tools, including Kali Linux and Burp Suite
  • Familiarity with Kubernetes, Python, cloud security, and memory-safe practices
  • Experience with AI-enabled testing tools and frontier AI technologies
  • Proven ability to define and drive application security strategy

Responsibilities

  • Perform advanced penetration testing on AI-enabled applications and traditional systems
  • Lead the application security strategy and enhance security standards
  • Evaluate system architectures for vulnerabilities
  • Automate offensive security testing in Kubernetes and AI-driven CI/CD
  • Deliver strategic reports and risk assessments to leadership
  • Design creative attacks to uncover various vulnerabilities
  • Collaborate to embed strong application security practices
  • Support go-to-market efforts for regulated environments

Benefits

  • Health, dental, and vision coverage
  • Health Savings Account plan
  • 401(k) plan with employer match
  • Unlimited PTO policy
  • Seven company holidays
  • Week-long break at the end of the year

Full Job Description

Senior Application Security Engineer

We are seeking a Senior Application Security (AppSec) Engineer to strengthen our security posture across our TrustSuite products, driving positive customer impact and rapidly innovating and optimizing application security across traditional and cutting-edge AI-enabled environments.

This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization.

This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support.

This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level.

Location: This role is primarily hybrid, based at our Reston, VA headquarters, with an average of 2-3 office days per week.

What will my responsibilities include as Senior AppSec Engineer at CertiPath?

  • Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
  • Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
  • Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
  • Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
  • Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
  • Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
  • Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
  • Support go-to-market efforts for highly regulated environments.


What qualifications do you look for?

  • U.S. citizenship and the ability to obtain a government clearance.
  • 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
  • Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
  • Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
  • Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
  • Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
  • Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
  • Demonstrated experience with AI-enabled testing tools and technologies, using frontier AI capabilities (e.g., Anthropic Claude, xAI Grok).
  • Proven ability to define and drive high-level application security strategy and plans.
  • Excellent communication skills for reporting findings and influencing outcomes.

We're extra impressed by folks who have:

  • Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
  • Prior experience testing in government or regulated environments


What kind of benefits does CertiPath offer?

CertiPath offers outstanding benefits, including health, dental, and vision coverage; a Health Savings Account plan; and a 401(k) plan with a generous employer match. We also believe strongly in maintaining a quality work-life balance, so we offer an unlimited PTO policy, seven company holidays, and a week-long break at the end of each year.
