Application Security Engineer (AppSec)
About the position
The Application Security Engineer (AppSec) is responsible for ensuring the security of applications, APIs, and software components throughout the software development lifecycle.
Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the AppSec role focuses on secure design, code-level security, vulnerability identification, and controlled offensive testing, ensuring that applications meet organizational security standards before and after deployment.
This role owns what is built securely, not cloud platform configuration or CI/CD automation.
This position is hybrid, requiring on-site presence with a schedule of:
3 days on-site
2 days remote
Responsibilities
• Perform application security testing, including SAST, SCA, and DAST analysis.
• Execute internal manual penetration testing of applications and APIs on a quarterly basis, within approved scope.
• Conduct threat modeling for new applications and significant changes.
• Identify, analyze, and document application-level vulnerabilities and security weaknesses.
• Work directly with development teams to support secure remediation and secure coding practices.
• Define and maintain secure coding standards aligned with OWASP Top 10 and OWASP API Top 10.
• Validate that security findings are properly remediated before release.
• Maintain vulnerability tracking and reporting in Archer or approved systems.
• Support ISO during audits and security assessments by providing application security evidence.
Requirements
• 3+ years of experience in application security, secure software development, or ethical hacking.
• Strong knowledge of secure coding principles and common application vulnerabilities.
• Hands-on experience with SAST, DAST, and SCA tools.
• Experience performing manual application and API penetration testing.
• Familiarity with REST APIs, authentication mechanisms, and authorization models.
• Understanding of CI/CD pipelines from a security testing perspective.
• Strong documentation and vulnerability reporting skills.
Apply tot his job
Apply To this Job
The Application Security Engineer (AppSec) is responsible for ensuring the security of applications, APIs, and software components throughout the software development lifecycle.
Operating within the SecOps domain and reporting to the Information Security Officer (ISO), the AppSec role focuses on secure design, code-level security, vulnerability identification, and controlled offensive testing, ensuring that applications meet organizational security standards before and after deployment.
This role owns what is built securely, not cloud platform configuration or CI/CD automation.
This position is hybrid, requiring on-site presence with a schedule of:
3 days on-site
2 days remote
Responsibilities
• Perform application security testing, including SAST, SCA, and DAST analysis.
• Execute internal manual penetration testing of applications and APIs on a quarterly basis, within approved scope.
• Conduct threat modeling for new applications and significant changes.
• Identify, analyze, and document application-level vulnerabilities and security weaknesses.
• Work directly with development teams to support secure remediation and secure coding practices.
• Define and maintain secure coding standards aligned with OWASP Top 10 and OWASP API Top 10.
• Validate that security findings are properly remediated before release.
• Maintain vulnerability tracking and reporting in Archer or approved systems.
• Support ISO during audits and security assessments by providing application security evidence.
Requirements
• 3+ years of experience in application security, secure software development, or ethical hacking.
• Strong knowledge of secure coding principles and common application vulnerabilities.
• Hands-on experience with SAST, DAST, and SCA tools.
• Experience performing manual application and API penetration testing.
• Familiarity with REST APIs, authentication mechanisms, and authorization models.
• Understanding of CI/CD pipelines from a security testing perspective.
• Strong documentation and vulnerability reporting skills.
Apply tot his job
Apply To this Job