Application Security Engineer

Posted 8 days ago

💎 Seniority level: Senior, 5+ years

📍 Location: United States

💸 Salary: 159800.0 - 235000.0 USD per year

🔍 Industry: Software Development

🏢 Company: DoorDash USA

⏳ Experience: 5+ years

🪄 Skills: AWS, Python, Cloud Computing, Java, Kotlin, Kubernetes, API testing, Mobile testing, REST API, CI/CD, Microservices, Scripting

Requirements:
  • 5+ years of experience as an application engineer or in an information security discipline.
  • Deep understanding of each OWASP top 10 vulnerability, microservices security and design.
  • Well versed in scripting languages (e.g., Python) and other programming languages (e.g., Java).
  • Experience with implementing and managing CI/CD pipeline security
  • Experience in payments security or in financial technology
  • Experience solving complex, systemic issues that require creative thinking and solutions.
  • Excellent verbal and written communication skills - you can explain security design with respect to cloud infrastructure to security and engineering personnel.
Responsibilities:
  • Work directly with engineering and security leaders to enact security strategies for DoorDash’s financial applications.
  • Be hands-on and perform manual and automated code reviews to identify vulnerabilities in APIs, microservices and mobile apps (Android and iOS).
  • Conduct regular application security assessments.
  • Define, document and implement security standards, guidelines and procedures for secure operations.
  • As part of architectural and design review committees, provide actionable feedback in engineering design reviews.
  • Manage the lifecycle of application vulnerabilities, from identification to remediation and reporting and metrics.
  • Integrate and manage security tools into the CI/CD process.
  • Ensure applications running within the cloud environment honor the requirements of information security policy and standards for segmentation and configuration.
  • Develop and implement secure network and process controls for Kubernetes environments.
  • Develop tools and automated tests for improving our Security efficiency.

Related Jobs

📍 AMER, EMEA, APAC

🧭 Full-Time

🔍 Security

🏢 Company: asymmetric.re

  • Familiarity and practical experience with Application Security Testing (AST) tools.
  • Proven experience as a consultant, engineer, or auditor, ideally working on/with web applications.
  • Prior experience working with open source development practices.
  • Willingness and aptitude to work with and write in multiple languages, mainly Go, Rust, Python, and JavaScript.
  • Experience with reverse engineering and/or fuzzing.
  • Experience with code reviews.
  • Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.
  • Develop security tooling and developer workflows to aid in the early detection of vulnerabilities.
  • Collaborate with core contributors to conduct internal security audits of off-chain infrastructure.
  • Harden CI/CD pipelines and constrain the attack surface of off-chain components.
  • Collaborate with core contributors to reduce supply-chain risk.
  • Triage and respond to potential security incidents across all parts of the stack.
  • Work in a diverse decentralized team environment with web3 professionals.
  • Clearly communicate security risks and solutions.
  • Adhere to the highest standards of integrity, trust, and professionalism.

Docker, Python, Blockchain, Cybersecurity, Javascript, Go, Rust, Web3.js, CI/CD, RESTful APIs, Linux, DevOps

Posted 8 days ago

📍 United States

🧭 Full-Time

💸 181000.0 - 266000.0 USD per year

🔍 Software Development

🏢 Company: Life360 | 👥 251-500 | 💰 $33,038,258 Post-IPO Equity over 2 years ago | 🫂 Last layoff about 2 years ago | Android, Family, Apps, Mobile Apps, Mobile

  • 10+ years of hands-on experience in application security, securing cloud-based and containerized environments.
  • Strong understanding of cybersecurity threats, vulnerabilities, and mitigations, with a proactive approach to embedding security throughout the product lifecycle.
  • Deep expertise in secure design, threat modeling, offensive security, and risk reduction beyond compliance checklists.
  • Experience with modern application stacks, security tooling, and DevSecOps pipelines, with a passion for security automation and pragmatic defenses.
  • Working knowledge of one or more programming languages (preferably Python) and experience writing software that enhances security processes.
  • Exceptional ability to distill complex security concepts into clear actions, driving alignment across engineering teams without direct authority.
  • A collaborative mindset with a strong ability to build relationships, influence cross-functional teams, and lead high-impact security initiatives.
  • Creative and strategic thinker who can holistically reduce risk, scale security through smart design, and bring clarity to ambiguous challenges.
  • A track record of contributions to the security community (research, blogging, presentations, bug bounty) is a plus.
  • Strong bias for action, ownership, and delivering measurable improvements to security posture.
  • Drive “shift left” security initiatives, embedding security best practices seamlessly into the software development lifecycle to proactively identify and mitigate risks.
  • Assess third-party vendors and cloud service providers to ensure compliance with security and privacy standards.
  • Participate in the security on-call rotation to respond to and mitigate security incidents.
  • Document security-relevant architectural decisions and ensure security considerations are integrated into system designs.
  • Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed, confident decisions.
  • Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests to drive architecture changes
  • Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
  • Partner closely with product and engineering teams to design solutions that are secure by default
  • Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities. Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization.

AWS, Docker, Python, Software Development, Cloud Computing, Cybersecurity, Kubernetes, API testing, REST API, CI/CD, DevOps, Risk Management

Posted 15 days ago

📍 US

🧭 Full-Time

🏢 Company: NerdWallet | 👥 501-1000 | 💰 Secondary Market almost 4 years ago | 🫂 Last layoff 8 months ago | Internet, Consumer, Financial Services, Personal Finance

  • 8+ years of professional experience as a security engineer, software engineer, site reliability engineer, penetration tester/red team member, or security consultant
  • 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)
  • Advanced knowledge of: Python, Typescript, and other languages (Go, PHP)
  • High-level understanding of: security weaknesses, exploits, attacks and mitigations
  • In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods
  • Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review
  • Proven success as a collaborator with the ability to convey high-level security concepts to team members across the organization and technical and non-technical stakeholders at all levels
  • Ensure the timely delivery of high-priority product security initiatives
  • Be a strategic advisor to the Application and Product Security Program
  • Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
  • Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption
  • Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization
  • Design and develop security tools and processes to be leveraged by development teams
  • Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities
  • Help build the Red Team
  • Be a technical mentor to junior members of the team and help develop their skills

AWS, Docker, Python, Agile, Cloud Computing, Cybersecurity, Jenkins, Kubernetes, TypeScript, Algorithms, Data Structures, CI/CD, RESTful APIs, Mentoring, Linux, DevOps, Risk Management, Software Engineering

Posted 22 days ago

📍 United States, Canada

🧭 Full-Time

💸 154160.0 - 281060.0 CAD per year

🔍 Software Development

🏢 Company: Webflow | 👥 501-1000 | 💰 $120,000,000 Series C about 3 years ago | 🫂 Last layoff 8 months ago | CMS, Web Hosting, Web Design

  • 7+ years of experience in application security, including 2+ years of software development focused on security.
  • Expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices.
  • Experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities.
  • Experience with software supply chain security and led bug bounty programs and security tooling initiatives.
  • Successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation.
  • Led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams.
  • Experience mentoring other application security engineers and fostering security best practices across organizations.
  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers

AWS, Docker, Python, Software Development, Cybersecurity, Git, Kubernetes, CI/CD, RESTful APIs, Mentoring, DevOps, Compliance, JSON

Posted 29 days ago

📍 United States, Canada

🧭 Full-Time

🔍 Information Technology

  • 6+ years of Information Technology experience
  • 3+ years with Static Application Security Testing
  • 2+ years with Java, Python, .NET, or C#
  • 3+ years with Burp Suite
  • Experience with OWASP frameworks
  • Remediate application security flaws
  • Lead security discussions with application teams
  • Perform dynamic and static application performance testing

Python, Eclipse, Java, C#, .NET, Linux

Posted about 1 month ago

📍 United States, Canada

🧭 Full-Time

🔍 FinTech

🏢 Company: Imprint

  • 5+ years in cybersecurity, specifically focused on Application Security.
  • Hands-on coding experience and familiarity with modern development stacks (e.g., microservices, REST APIs, containerized environments).
  • Proficiency with SAST/DAST tools, threat modeling methodologies (e.g., MITRE ATT&CK), cryptography concepts (key management, encryption standards), and cloud security services (AWS, GCP, or Azure).
  • Conduct systematic threat modeling (e.g., leveraging the MITRE ATT&CK framework) to identify risks, define attack paths, and propose mitigations early in the development lifecycle.
  • Perform in-depth security architecture reviews to ensure applications and microservices follow secure design principles.
  • Collaborate with engineering teams to conduct code reviews, pinpoint vulnerabilities, and champion OWASP Top 10 best practices.
  • Integrate SAST and DAST into CI/CD pipelines, ensuring continuous and automated detection of security flaws.
  • Analyze testing reports and guide teams toward swift, effective remediation strategies.
  • Perform or coordinate targeted penetration tests on critical applications and systems.
  • Document findings and partner with engineers to implement sustainable fixes.
  • Advise on symmetric and asymmetric encryption mechanisms to safeguard data at rest and in transit.
  • Oversee secure key management, ensuring cryptographic libraries and protocols are properly utilized.
  • Develop and deliver training on secure coding fundamentals and OWASP principles.
  • Lead the “shift-left” security movement by embedding security considerations in early stages of development—a strong development background is required to effectively collaborate and coach.
  • Investigate and document application-focused security incidents.
  • Maintain and refine incident response playbooks, integrating lessons learned into ongoing improvements.
  • Align AppSec practices with PCI DSS, SOC 2, and relevant frameworks to support regulatory audits.
  • Work closely with Risk, Fraud, and Compliance teams to ensure continuous alignment between engineering, security, and business goals.

AWS, Cybersecurity, GCP, Azure, REST API, CI/CD, Microservices, Compliance

Posted about 2 months ago

📍 United States

🔍 Software Development

  • Hands-on experience using Veracode for application security testing and vulnerability management
  • Proficient in utilizing Veracode's static and dynamic analysis tools and interpreting scan results
  • Able to provide clear and actionable remediation guidance
  • Provide technical and operational subject matter expertise and support services to our partners and clients
  • Utilizing Veracode for application security testing and vulnerability management
  • Interpreting scan results, and able to provide clear and actionable remediation guidance
  • Maintain a resilient security posture for highly visible applications

Cybersecurity, CI/CD

Posted about 2 months ago

📍 United States

🧭 Full-Time

💸 152850.0 - 244560.0 USD per year

🔍 Cloud Software

🏢 Company: Axon | 👥 1001-5000 | 💰 $246,000,000 Post-IPO Equity over 6 years ago | GovTech, Electronics, Hardware, Software

  • Proficiency in Python, Java, Go, or C#
  • Strong experience with CI/CD workflows
  • In-depth understanding of vulnerabilities
  • Experience with security tools like Snyk and Semgrep
  • Knowledge of cloud platforms and containerization
  • Build and maintain security automation tools
  • Partner with engineering teams on secure architectures
  • Act as a trusted advisor for development teams
  • Deploy static, dynamic, and dependency scanning tools
  • Lead vulnerability management efforts
  • Create and enhance security automation tools

AWS, Docker, Python, GCP, Kubernetes, C#, Azure, Go, CI/CD

Posted about 2 months ago

📍 United States, Canada

🧭 Full-Time

💸 110400.0 - 138000.0 USD per year

🔍 SaaS

  • 3+ years of experience in application security
  • Experience with penetration testing
  • Proficiency in coding/scripting languages (e.g., Python, Go)
  • AWS security knowledge
  • Web application testing experience
  • Participate in threat modeling exercises
  • Triage SCA/SAST/DAST/CSPM findings
  • Support vulnerability management efforts
  • Perform security assessments and internal penetration tests
  • Develop scripts and tools for automation

AWS, Docker, Python, Go, REST API, CI/CD, Linux, Scripting

Posted 3 months ago

📍 United States, Canada

🧭 Full-Time

💸 118000.0 - 165000.0 USD per year

🔍 Software Development

🏢 Company: Syncro | 👥 101-250 | Information Technology, Software

  • Strong understanding of information security principles and practices
  • Experience in developing and implementing information security policies and procedures
  • Hands-on experience managing application security across multiple engineering teams
  • Experience managing bug bounty programs
  • Managed vulnerability management programs
  • Participated in compliance audits such as SOC 2, HIPAA, etc
  • Experience investigating security incidents
  • Experience with application security testing tools (SAST and DAST)
  • Proficiency in Object Oriented programming languages/frameworks like Java, C#, Golang, etc
  • Solid understanding of AWS security and best practices
  • Develop and implement information security policies and procedures
  • Manage application security, including secure coding practices, vulnerability management, and penetration testing
  • Lead and/or collaborate on fixing identified vulnerabilities within the code base
  • Conduct security audits and risk assessments
  • Participate in compliance activities such as SOC 2 audit and HIPAA Compliance
  • Investigate security incidents and breaches
  • Train employees on information security best practices

AWS, PHP, Java, Ruby on Rails, C#, Compliance

Posted 4 months ago