Application Security Engineer / Senior AppSec Engineer
Job Information
Date Opened
03/27/2026
Job Type
Full time
Remote Job
Industry
Technology
This is a remote position.
We are seeking a skilled Application Security Engineer to drive secure development practices and manage end-to-end application security testing, vulnerability management, and DevSecOps integration. The role requires hands-on experience in SAST/DAST tools, vulnerability scanning, CI/CD security integration, and manual security testing across web and API-based applications.
- Key Responsibilities
- Perform application security assessments for web and API applications
- Integrate security into Secure SDLC (SSDLC) and DevSecOps pipelines
- Conduct threat modeling and security design reviews
- Execute vulnerability scans using tools like Tenable
- Analyze results from SAST, DAST, and manual testing
- Document findings including severity, exploitability, reproduction steps, and remediation guidance
- Integrate and maintain SAST/DAST tools within CI/CD pipelines
- Perform vulnerability validation, PoC development, and false-positive analysis
- Apply risk-based prioritization and track remediation to closure
- Provide L2/L3 support, incident investigation, and root cause analysis (RCA)
- Maintain AppSec documentation, audit evidence, and compliance reports
- Track and report vulnerability metrics, scan coverage, and remediation status
- Required Skills
- Strong experience in Application Security (Web & API Security Testing)
- Expertise in OWASP Top 10 vulnerabilities and remediation techniques
- Hands-on experience with SAST tools (Checkmarx, Veracode, SonarQube)
- Hands-on experience with DAST tools (Burp Suite, OWASP ZAP)
- Experience with vulnerability scanning tools (Tenable preferred)
- Knowledge of Secure SDLC and DevSecOps practices
- Strong understanding of HTTP, REST APIs, authentication (OAuth, JWT)
- Proficiency in Python / Bash / PowerShell scripting
- Experience with CI/CD tools and pipeline security integration
- Familiarity with JIRA / ServiceNow or similar tracking tools
- Preferred Qualifications
- Experience in manual penetration testing and exploit development
- Exposure to red team techniques and offensive security testing
- Experience in cloud environments (AWS / Azure / GCP)
- Knowledge of container and microservices security (Docker, Kubernetes)
- Experience supporting SOC 2, ISO 27001, or similar audits
- Certifications (Preferred)
- OSCP / OSWE / GWAPT / eWPT
- CEH (Certified Ethical Hacker)
- CISSP / CSSLP
- AWS Security Specialty / Azure Security Engineer
- Certified Kubernetes Security Specialist (CKS)
- Soft Skills
- Strong analytical and problem-solving skills
- Excellent communication and collaboration with engineering teams
- Ability to work in SLA-driven environments
- Detail-oriented with strong documentation skills
Apply tot his job
Apply To this Job