Application Security Engineer
Position Overview

The Application Security Engineer is a mid-to-senior level individual contributor responsible for performing application security assessments, supporting vulnerability management operations, and providing security expertise to internal stakeholders and partner organizations. This role requires a self-directed professional who can manage their own workload, make independent decisions within established guidelines, and serve as a reliable subject matter expert within the application security program.

Core Responsibilities

Application Security Assessments
- Perform dynamic and manual application security assessments for new applications, applications undergoing major updates, and applications migrating to cloud environments
- Review vendor-provided security assessments for completeness, validity, and accuracy
- Provide expert guidance to stakeholders on security findings, risk severity, and remediation approaches
- Manage assessment queues and customer timelines, communicating proactively when timelines are at risk
- Support mobile application security reviews and business process automation security reviews

Vulnerability Management
- Assist with Nessus-based vulnerability scanning operations across multi-environment infrastructure including physical data centers, AWS, Azure, and GCP
- Support ad-hoc scan requests and new system build scans
- Assist with vulnerability finding interpretation, false positive validation, and stakeholder communication
- Contribute to vulnerability research and monitoring for zero-day or actively exploited vulnerabilities

Cloud & WAF Support
- Develop working familiarity with Web Application Firewall (WAF) operations across AWS, Azure, and Cloudflare environments
- Use Splunk for log analysis and investigation, including hunting WAF blocks and identifying anomalous activity
- Support cloud security posture awareness and stakeholder consultation as needed

GRC & Stakeholder Coordination
- Use the Archer GRC platform to document findings, manage workflows, and support compliance reporting
- Coordinate directly with stakeholders to communicate assessment status, findings, and remediation guidance
- Contribute security expertise to RFI, RFP, and research projects as needed

Qualifications

Experience
- 5+ years of direct, hands-on experience performing dynamic application security assessments
- Demonstrated experience with vulnerability management concepts and operations
- Experience programming or scripting in one or more languages relevant to application security (e.g., Python, JavaScript, Java)

Certifications
One or more active security certifications required. Preferred certifications include:
- Certified Ethical Hacker (CEH)
- CompTIA Security+
- CompTIA PenTest+
- GIAC Web Application Penetration Tester (GWAPT)
- Offensive Security Certified Professional (OSCP)
- Or equivalent industry-recognized security certification

Technical Skills — Required
- Proficiency with Burp Suite or OWASP ZAP for dynamic application testing
- Experience performing manual application security testing beyond automated scanning
- Solid understanding of the OWASP Top 10 and common application vulnerability classes
- Experience working in cloud environments (AWS, Azure, and/or GCP)

Technical Skills — Preferred
- Experience with Nessus or comparable vulnerability scanning platforms
- Familiarity with Web Application Firewall concepts and operations
- Experience with Splunk or comparable SIEM platforms for log analysis
- Experience with Archer GRC or comparable GRC platforms
- Familiarity with mobile application security assessment methodologies
- Ability to read and evaluate application code for security weaknesses
- Familiarity with vulnerability and exploit research and risk classification

Soft Skills
- Ability to work independently and manage competing priorities without close supervision
- Strong written and verbal communication skills, including explaining complex security findings to non-technical audiences
- Interruption-tolerant work style with the ability to context-switch while maintaining assessment quality
- Ability to professionally manage conflict when stakeholders push back on findings; must defend technically sound conclusions while remaining respectful and solution-oriented
- Collaborative team approach with willingness to contribute across program areas

Work Environment

This is a remote position. The successful candidate will join a small, high-performing security team and is expected to carry a full workload from an early stage. Assessment work is time-sensitive and requires focused, uninterrupted work blocks; candidates should be comfortable managing their own schedule while remaining responsive to stakeholder needs. The role includes a structured onboarding and knowledge transfer period.