Application Security Engineer

Conduct security testing on applications and provide practical remediation guidance.

Review designs, code, and upcoming features to identify risks early.

Contribute to internal tooling, automation, and documentation that streamline security processes.

Verify reported vulnerabilities and partner with engineering teams to resolve them.

Stay current with trends in application security and evolving threat techniques.

Work closely with product and engineering groups to strengthen our overall security posture.

~3 years of experience in application security or software engineering with a security focus.

Experience assessing web or mobile apps and performing vulnerability analysis.

Strong understanding of authentication, authorization, data validation, session handling, encryption basics, and secure communication.

Familiarity with OWASP Top 10, CWE, and common mobile security concerns.

Hands-on experience with tools like SAST, DAST, dependency scanners, or mobile assessment frameworks.

Ability to guide developers through remediation and validate fixes.

Comfort with at least one major language (Java, JavaScript/TypeScript, Python, Go, Swift, Kotlin, .

Understanding of secure development practices and CI/CD integration.

Working knowledge of API security and cloud fundamentals.

Strong communication skills.

Experience with threat modeling or secure design discussions.

Knowledge of OAuth 2.0, OIDC, SAML, or JWT.

Background with containers or cloud-native environments.

Familiarity with vulnerability management or security automation.

Certifications such as OSCP, GWEB, GWAPT, or CSSLP.