JOBSEARCHER

Application Security Engineer

This is a full-time, direct-hire position with our private equity client in Boston, MA.

This role follows a hybrid work model, offering up to 18 remote workdays per quarter. For example, you could work in the office four days per week and take one remote day each week (based on a typical 13-week quarter), with approximately five additional remote days available to use as needed.

We are seeking an Application Security Engineer (ASE) to join a leading private equity client's Security Engineering team. This individual will play a key role in advancing the organization's application security program, partnering closely with engineering, platform, and risk teams to ensure secure software development practices across the enterprise.

This is a highly visible, cross-functional role focused on embedding security into the SDLC, improving secure coding practices, and safeguarding sensitive financial data, client information, and critical business systems.

Key Responsibilities

- Lead application security across the SDLC (code reviews, architecture, testing)
- Identify and remediate vulnerabilities across apps, APIs, and systems
- Perform threat modeling and SAST/DAST/SCA testing
- Define security standards, including for AI-assisted development tools
- Integrate security into CI/CD and promote DevSecOps practices
- Partner with engineering, risk, and compliance teams
- Support audits, pen testing, and incident response
- Secure and monitor third-party SaaS applications (SSPM)
- Track security metrics and improve program effectiveness
- Provide secure coding guidance and training

Qualifications

- Strong application security knowledge (e.g., OWASP Top 10)
- Experience securing web apps, APIs, and microservices
- Hands-on with SAST, DAST, and SCA tools
- Familiarity with AI coding tools (e.g., GitHub Copilot) and their risks
- Proficiency in Java, Python, C#, or JavaScript
- Experience with cloud, containers, IaC, and DevSecOps
- Strong communication across technical and business teams

Preferred Qualifications

- Bachelor's degree or equivalent experience
- Security certifications (CISSP, CSSLP, OSCP, etc.)
- Experience in regulated industries (finance, fintech, etc.)
- Knowledge of frameworks (SOC 2, SOX, PCI DSS, GDPR)