Senior Application Security Engineer (Remote - US)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application Security Engineer in the United States.

This role is ideal for a cybersecurity professional with a strong technical background who enjoys protecting applications and systems from evolving threats. You will work closely with development and engineering teams to integrate security best practices across the software development lifecycle. Your contributions will directly enhance the security posture of enterprise applications, manage vulnerabilities, and respond to potential incidents. The position provides a collaborative environment where security expertise meets product innovation, offering opportunities to work with modern development stacks, cloud infrastructure, and AI-enabled security tools. This is a chance to make a tangible impact on protecting valuable data while advancing your career in application security.

Accountabilities:

• Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities in applications.
• Design, develop, and implement security tools, frameworks, and methodologies to protect applications from threats.
• Partner with development teams to integrate security best practices throughout the SDLC, including secure coding guidelines.
• Perform threat modeling and risk assessments to proactively identify and mitigate potential risks.
• Support vulnerability management by tracking, analyzing, and guiding remediation efforts.
• Assist with incident response, investigating and documenting application-related security events.
• Stay informed on emerging security threats, vulnerabilities, and technologies to continuously improve application security practices.

• 5+ years of software development experience, ideally with exposure to information security or AppSec.
• Strong understanding of secure coding, threat modeling, and vulnerability management across the SDLC.
• Proficient in Go, Python, or Java, with experience in CI/CD pipelines and GitHub.
• Hands-on experience with security tools and frameworks (SAST, DAST, SCA, e.g., Snyk, Semgrep, OWASP ZAP, Burp).
• Knowledge of core information security concepts including malware, exploits, firewalls, and intrusion detection/prevention systems.
• Subject matter expertise in at least one of the following: Threat & Vulnerability Management, Incident Response, Threat Hunting, Red Teaming, or Penetration Testing.
• Ability to interpret and prioritize security data, and collaborate effectively with developers to remediate issues.
• Excellent communication skills to influence and work across engineering and security teams.

Preferred qualifications:

• Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform).
• Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz).
• Relevant certifications (ISC², ISACA, or GCP) and a degree in Computer Science or related field.
• Background securing AI infrastructure or model deployments.
• Strong analytical, time management, and problem-solving skills in fast-paced environments.