Application Security Engineer

Posted 1 day ago

💎 Seniority level: Junior, 2-5 years

📍 Location: United States

💸 Salary: 120000.0 - 150000.0 USD per year

🔍 Industry: Banking

⏳ Experience: 2-5 years

🪄 Skills: AWS, Backend Development, Node.js, PostgreSQL, Software Development, Cloud Computing, Cybersecurity, Frontend Development, Javascript, React.js, Software Architecture, CI/CD, RESTful APIs, Mentoring, Compliance

Requirements:
  • Deep understanding of web application security including OWASP Top 10, authentication systems, session management, and common vulnerability classes.
  • Experience with security testing tools (SAST, DAST, dependency scanning) and the ability to build custom security tooling when needed.
  • Knowledge of secure coding practices, security architecture, and threat modeling.
  • Familiarity with cloud security (AWS preferred) and infrastructure security concepts.
  • Understanding of compliance frameworks (PCI DSS, SOC 2) or willingness to become an expert quickly.
Responsibilities:
  • Architect and implement security controls across our entire stack, from React frontend to Node.js APIs to PostgreSQL databases.
  • Hunt for and remediate complex vulnerabilities including authentication bypasses, race conditions, session fixation, and CSRF attacks.
  • Build sophisticated authentication, authorization, and session management systems for high-stakes banking applications.
  • Design security monitoring, automated threat detection, and incident response systems from the ground up.
  • Navigate and implement compliance requirements for PCI DSS, SOX, GDPR, and SOC 2 in a practical, engineering-focused way.
  • Lead security code reviews and establish security practices that scale with our growing engineering team.
  • Own security architecture decisions that will shape how millions of users safely access banking services.

Related Jobs

📍 United States

🧭 Full-Time

🔍 Banking

  • 2-5 years in application security, security engineering, or software development with strong security focus
  • Deep understanding of web application security including OWASP Top 10, authentication systems, session management, and common vulnerability classes
  • Experience with security testing tools (SAST, DAST, dependency scanning) and the ability to build custom security tooling when needed
  • Knowledge of secure coding practices, security architecture, and threat modeling
  • Familiarity with cloud security (AWS preferred) and infrastructure security concepts
  • Understanding of compliance frameworks (PCI DSS, SOC 2) or willingness to become an expert quickly
  • Architect and implement security controls across our entire stack, from React frontend to Node.js APIs to PostgreSQL databases
  • Hunt for and remediate complex vulnerabilities including authentication bypasses, race conditions, session fixation, and CSRF attacks
  • Build sophisticated authentication, authorization, and session management systems for high-stakes banking applications
  • Design security monitoring, automated threat detection, and incident response systems from the ground up
  • Navigate and implement compliance requirements for PCI DSS, SOX, GDPR, and SOC 2 in a practical, engineering-focused way
  • Lead security code reviews and establish security practices that scale with our growing engineering team
  • Own security architecture decisions that will shape how millions of users safely access banking services

AWS, Backend Development, Node.js, PostgreSQL, SQL, Cloud Computing, Cybersecurity, Frontend Development, Java, React.js, Spring Boot, CI/CD, RESTful APIs, Compliance

Posted about 16 hours ago

📍 United States

🔍 Banking

  • 2-5 years in application security, security engineering, or software development with strong security focus
  • Deep understanding of web application security including OWASP Top 10, authentication systems, session management, and common vulnerability classes
  • Experience with security testing tools (SAST, DAST, dependency scanning) and the ability to build custom security tooling when needed
  • Knowledge of secure coding practices, security architecture, and threat modeling
  • Familiarity with cloud security (AWS preferred) and infrastructure security concepts
  • Understanding of compliance frameworks (PCI DSS, SOC 2) or willingness to become an expert quickly
  • Architect and implement security controls across our entire stack, from React frontend to Node.js APIs to PostgreSQL databases
  • Hunt for and remediate complex vulnerabilities including authentication bypasses, race conditions, session fixation, and CSRF attacks
  • Build sophisticated authentication, authorization, and session management systems for high-stakes banking applications
  • Design security monitoring, automated threat detection, and incident response systems from the ground up
  • Navigate and implement compliance requirements for PCI DSS, SOX, GDPR, and SOC 2 in a practical, engineering-focused way
  • Lead security code reviews and establish security practices that scale with our growing engineering team
  • Own security architecture decisions that will shape how millions of users safely access banking services

AWS, Node.js, PostgreSQL, Cloud Computing, Cybersecurity, Frontend Development, React.js, API testing, CI/CD, RESTful APIs, Compliance

Posted about 16 hours ago

📍 United States

🧭 Full-Time

💸 170000.0 - 235000.0 USD per year

🔍 Insurance

🏢 Company: Quanata | 👥 101-250 | Software Engineering, Information Technology, Software

  • Experience in working with software development teams to integrate security into complex application ecosystems.
  • Familiarity with security-by-design principles and a solid understanding of application security frameworks and standards.
  • Familiarity with cloud-based hosting providers like AWS, Google Cloud or Microsoft Azure.
  • Knowledge of OWASP and relevant standards like the Top 10, ASVS and MASVS.
  • Proficiency in at least one programming language and relevant security tools.
  • Familiarity with threat modeling paradigms such as STRIDE or STRIPED.
  • Collaborate with development and product teams to integrate security solutions into business-critical applications.
  • Assist in creating and refining product security threat models, focusing on security measures tailored to the unique challenges of the insurance sector.
  • Participate in secure code reviews and product security testing to identify vulnerabilities.
  • Implement application security best practices throughout the software development lifecycle.
  • Respond to vulnerabilities identified through internal security testing, prioritizing according to business impact.
  • Support initiatives to enhance security awareness and practices within the application development teams.
  • Work closely with compliance teams to ensure that applications adhere to industry-specific regulations and standards.
  • Document security procedures, best practices, and team initiatives using repeatable patterns.

AWS, Cloud Computing, Cybersecurity, CI/CD, RESTful APIs, Microservices, Compliance, Risk Management

Posted 16 days ago

📍 United States, Canada, United Kingdom

🧭 Full-Time

💸 141600.0 - 212400.0 USD per year

🔍 Software Development

  • Solid knowledge of common appsec vulnerabilities and their prevention (e.g., OWASP Top 10, SANS Top 25).
  • Experience in security testing, including code review, SAST, DAST, and vulnerability scanning.
  • Familiarity with incorporating security measures into all phases of software development, from initial concept to final launch including “Shift Left” security.
  • Experience with SIEM, WAF, Risk Management Platforms, SAST/DAST or similar security tools.
  • Deep understanding of cloud security best practices and challenges, with specific expertise in AWS security services and architectures or equivalent.
  • Must be proficient in at least one scripting language (e.g., Python, Bash) to automate security tasks and integrate security tools.
  • Skilled in identifying, evaluating, prioritizing, and monitoring the remediation of security vulnerabilities.
  • Proven experience in handling security incidents, including identification, containment, and remediation.
  • Ability to clearly communicate technical security concepts to both technical and non-technical audiences, and to collaborate effectively with development, operations, and other teams.
  • Ability to analyze security issues, identify root causes, remediate and/or recommend effective solutions.
  • Participate in security projects, delivering secure and well-documented work.
  • Support SOC2 compliance and Pen Testing initiatives.
  • Deeply understand how to secure networks, applications, infrastructure, and data.
  • Utilize monitoring and vulnerability scanning tools to identify security concerns within the production environment and systems, remediate findings, or communicate them to the relevant team for triage.
  • Quickly learn the team's tech stack, security tool ecosystem, and environment.
  • Manage security projects independently, escalating when needed.
  • Meet project deadlines and investigate automation opportunities.
  • Build relationships with engineers.
  • Give actionable security feedback to developers.
  • Lead security discussions.
  • Prioritize security issues based on risk assessments.
  • Own and drive security incident response.

AWS, Docker, Node.js, Python, Software Development, Bash, Cybersecurity, Kubernetes, CI/CD, RESTful APIs, DevOps, Risk Management, Scripting

Posted 20 days ago

📍 United States, Canada

🔍 Healthcare

🏢 Company: Veradigm | 👥 5001-10000 | 💰 $100,000,000 Post-IPO Equity almost 10 years ago | Information Services, Electronic Health Record (EHR), Hospital, Information Technology, Health Care

  • 3+ years in a comparable security/testing role
  • Proficiency in pen testing on web applications using Burp Suite and other security testing toolkits, with network and system pen testing experience being welcome but at a lower priority
  • Deep understanding of the software development lifecycle and the various stages/areas where vulnerabilities can be introduced.
  • Excellent verbal and written communication skills. Ability to explain complex security issues and risks to non-technical stakeholders.
  • Strong analytical and problem-solving skills with the ability to think like both an attacker and a defender.
  • Knowledge of scripting and programming languages like Python, Bash, or Perl to automate tasks and write custom exploits if necessary
  • Lead application security architecture and design reviews, ensuring security is embedded at every stage of software development.
  • Perform threat modeling, security assessments, and secure code reviews to identify vulnerabilities and provide actionable remediation guidance.
  • Conduct in-depth web application security testing, including manual and automated assessments, to identify vulnerabilities such as injection flaws, authentication weaknesses, and misconfigurations.
  • Participate in and enhance the internal penetration testing program, applying offensive security techniques and developing test plans to simulate real-world attacks.
  • Collaborate with development teams to integrate secure coding practices, security automation, and pipeline security into CI/CD workflows.
  • Develop and refine security testing frameworks, tools, and methodologies to improve assessment capabilities and automation.
  • Stay updated on emerging threats, vulnerabilities, and mitigation techniques, ensuring continuous improvement and adoption of new security practices.
  • Educate and train product teams on application security best practices and secure development principles.
  • Assist in forensic investigations to determine the source and impact of security breaches when necessary.
  • Prepare and present detailed security reports with risk analysis and remediation strategies, effectively communicating to both technical and non-technical stakeholders.
  • Contribute to the continuous improvement of the application security program, ensuring alignment with evolving security landscapes and business needs.

Python, SQL, Bash, Cybersecurity, API testing, CI/CD, RESTful APIs, Linux, DevOps, Compliance, Scripting

Posted about 1 month ago

📍 United States

🧭 Full-Time

💸 100000.0 - 125000.0 USD per year

🔍 Cybersecurity

🏢 Company: Andesite

  • 4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
  • 2+ years of hands-on experience securing cloud-native applications and infrastructure.
  • Deep understanding of secure design principles, threat modeling, and software risk assessment.
  • Proficient in at least one programming language.
  • Strong knowledge of secure coding practices and ability to guide developers through remediation.
  • Experience writing scripts or tools to automate security tasks.
  • Expert understanding of OWASP Top 10, CWE/SANS Top 25, and other software security standards.
  • Familiarity with SAST, DAST, and SCA AppSec tools.
  • Experience integrating security tooling into CI/CD pipelines (DevSecOps).
  • Knowledge to perform penetration testing on AI components.
  • In-depth experience with at least one major cloud platform (AWS, Azure, or GCP).
  • Hands-on experience implementing cloud security controls.
  • Familiarity with infrastructure as code (IaC) security tools.
  • Knowledge of container security and orchestration best practices.
  • Exposure to cloud-native security services.
  • Experience conducting architecture and design reviews for security across applications and cloud environments.
  • Understanding of cloud compliance frameworks (e.g., PCI DSS, CIS benchmarks, NIST, SOC 2, ISO 27001).
  • Ability to implement and maintain secure configurations aligned with industry standards.
  • Proactively find security weaknesses during design, development, testing, and deployment phases, and work with teams to remediate them before they reach production.
  • Analyze application components, data flows, and trust boundaries to anticipate potential threats and integrate security into architectural decisions early.
  • Manage and maintain SAST, DAST, and SCA tooling: Configure, tune, and operationalize static, dynamic, and software composition analysis tools to support scalable and effective application security testing.
  • Conduct manual and automated code reviews to detect insecure coding patterns, logic flaws, and injection risks, ensuring code adheres to secure development standards.
  • Develop and maintain custom scripts and tools to automate security tasks, enhance visibility, and integrate security into development and operational workflows.
  • Enforce least privilege, secure network architectures, and strong identity and access controls across cloud accounts and services.
  • Monitor computer networks and systems with SIEM to identify vulnerabilities and respond to security threats and attacks.
  • Support with scanning, tracking, and remediating security vulnerabilities across systems and applications.
  • Provide training, documentation, and hands-on guidance to developers and engineers to build a strong security culture and shift security left in the SDLC.
  • Stay current with industry developments and best practices through training, conferences, and other professional development activities.

AWS, Python, GCP, Kubernetes, Azure, CI/CD, RESTful APIs, Linux, DevOps, Compliance, JSON, Scripting

Posted about 1 month ago

📍 United States

🧭 Full-Time

💸 100000.0 - 125000.0 USD per year

🔍 Cybersecurity

🏢 Company: Red Cell Partners | 👥 11-50 | Financial Services, Venture Capital, Finance

  • 4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
  • 2+ years of hands-on experience securing cloud-native applications and infrastructure.
  • Deep understanding of secure design principles, threat modeling, and software risk assessment.
  • Proficient in at least one programming language.
  • Strong knowledge of secure coding practices and ability to guide developers through remediation.
  • Experience writing scripts or tools to automate security tasks.
  • Expert understanding of OWASP Top 10, CWE/SANS Top 25, and other software security standards.
  • Familiarity with SAST, DAST, and SCA AppSec tools.
  • Experience integrating security tooling into CI/CD pipelines (DevSecOps).
  • Knowledge to perform penetration testing on AI components.
  • In-depth experience with at least one major cloud platform (AWS, Azure, or GCP).
  • Hands-on experience implementing cloud security controls.
  • Familiarity with infrastructure as code (IaC) security tools.
  • Knowledge of container security and orchestration best practices.
  • Exposure to cloud-native security services.
  • Experience conducting architecture and design reviews for security across applications and cloud environments.
  • Understanding of cloud compliance frameworks (e.g., PCI DSS, CIS benchmarks, NIST, SOC 2, ISO 27001).
  • Ability to implement and maintain secure configurations aligned with industry standards.
  • Proactively find security weaknesses during design, development, testing, and deployment phases, and work with teams to remediate them before they reach production.
  • Analyze application components, data flows, and trust boundaries to anticipate potential threats and integrate security into architectural decisions early.
  • Manage and maintain SAST, DAST, and SCA tooling: Configure, tune, and operationalize static, dynamic, and software composition analysis tools to support scalable and effective application security testing.
  • Conduct manual and automated code reviews to detect insecure coding patterns, logic flaws, and injection risks, ensuring code adheres to secure development standards.
  • Develop and maintain custom scripts and tools to automate security tasks, enhance visibility, and integrate security into development and operational workflows.
  • Enforce least privilege, secure network architectures, and strong identity and access controls across cloud accounts and services.
  • Monitor computer networks and systems with SIEM to identify vulnerabilities and respond to security threats and attacks.
  • Support with scanning, tracking, and remediating security vulnerabilities across systems and applications.
  • Provide training, documentation, and hands-on guidance to developers and engineers to build a strong security culture and shift security left in the SDLC.
  • Stay current with industry developments and best practices through training, conferences, and other professional development activities.

AWS, Docker, Python, Cloud Computing, Cybersecurity, GCP, Java, Kubernetes, Azure, CI/CD, Linux, DevOps, Scripting

Posted about 1 month ago

📍 United States

🧭 Full-Time

💸 160000.0 - 330000.0 USD per year

🔍 Software Development

🏢 Company: CoreWeave | 💰 $642,000,000 Secondary Market over 1 year ago | Cloud Computing, Machine Learning, Information Technology, Cloud Infrastructure

  • At least 3 years of experience directly focused on securing the software lifecycle
  • Strong skills in application architecture, secure coding reviews, and threat modeling
  • Solid experience developing secure applications or security tooling in Go, Python, or similar modern languages
  • Proven experience collaborating with developers to implement secure coding practices.
  • Excellent ability to negotiate and reach consensus with developers and fellow security practitioners, as well as excellent documentation skills
  • Familiarity with modern development environments, containers, microservices, and CI/CD pipelines
  • Conducting architecture reviews, security assessments, and code reviews to proactively identify and fix vulnerabilities in our applications
  • Developing robust, repeatable frameworks for application security that make it easy for teams to build securely from day one
  • Collaborating closely with development teams to integrate security seamlessly into their CI/CD pipelines
  • Crafting clear, practical security guidance and documentation that empowers developers
  • Actively participating in architectural discussions and providing insightful security recommendations
  • Occasionally, 'drawing the owl' - figuring out innovative solutions while navigating ambiguous situations

Docker, Python, Cloud Computing, Cybersecurity, Kubernetes, Go, CI/CD, RESTful APIs, Microservices

Posted about 2 months ago

📍 United States

🧭 Full-Time

🔍 Healthcare

🏢 Company: Rula | 👥 251-500 | 💰 Series C 11 months ago | Personal Health, Mental Health, Addiction Treatment, Health Insurance, Wellness, Health Care, Home Health Care

  • 4+ years of experience as an application security engineer
  • Experience with JavaScript, TypeScript, Node.js, and/or Ruby
  • Demonstrated success applying OWASP Top 10 recommendations to modern application stacks
  • Experience with common SAST and DAST tooling and best practices
  • Enhance the security of code and development practices
  • Enhance our vulnerability management program with Engineering and external partners

Node.js, Javascript, Ruby, TypeScript

Posted 2 months ago

📍 AMER, EMEA, APAC

🧭 Full-Time

🔍 Security

🏢 Company: asymmetric.re

  • Familiarity and practical experience with Application Security Testing (AST) tools.
  • Proven experience as a consultant, engineer, or auditor, ideally working on/with web applications.
  • Prior experience working with open source development practices.
  • Willingness and aptitude to work with and write in multiple languages, mainly Go, Rust, Python, and JavaScript.
  • Experience with reverse engineering and/or fuzzing.
  • Experience with code reviews.
  • Design and implement security and defense-in-depth controls to prevent and limit vulnerabilities.
  • Develop security tooling and developer workflows to aid in the early detection of vulnerabilities.
  • Collaborate with core contributors to conduct internal security audits of off-chain infrastructure.
  • Harden CI/CD pipelines and constrain the attack surface of off-chain components.
  • Collaborate with core contributors to reduce supply-chain risk.
  • Triage and respond to potential security incidents across all parts of the stack.
  • Work in a diverse decentralized team environment with web3 professionals.
  • Clearly communicate security risks and solutions.
  • Adhere to the highest standards of integrity, trust, and professionalism.

Docker, Python, Blockchain, Cybersecurity, Javascript, Go, Rust, Web3.js, CI/CD, RESTful APIs, Linux, DevOps

Posted 2 months ago