Application Security Engineer

Requirements

• Conduct threat modeling and security architecture reviews for new and existing applications and services.
• Perform manual code reviews, secure design consultations, and pair with engineering teams on hardening critical components.
• Operate and tune SAST, DAST, IAST, SCA, and secret-scanning tools across CI/CD pipelines.
• Drive vulnerability management workflows including triage, prioritization, owner assignment, and SLA tracking.
• Build paved-road libraries and frameworks that make secure patterns the default for engineering teams.
• Lead red-team and purple-team exercises against internal applications and drive remediation of identified weaknesses.
• Implement and operate runtime protections including WAF, RASP, bot protection, and abuse-detection mechanisms.
• Design and enforce secure authentication, authorization, session management, and cryptographic patterns.
• Partner with infrastructure and platform teams to harden container, Kubernetes, and cloud environments.
• Develop and deliver application security training, lunch-and-learns, and onboarding content for engineering staff.
• Respond to security incidents involving application vulnerabilities or active exploitation.
• Track and apply emerging threats and CVEs that may affect the application portfolio.
• Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time.
• Stay current with application security research and emerging defensive tooling.

Benefits

• Competitive base salary commensurate with experience, plus benefits.
• Generous Paid Time Off
• 401k Matching
• Retirement Plan