Senior Application Security Engineer in United States at Jobgether
Job Description
This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for a Senior Application Security Engineer based in the United States.
This is a senior-level individual contributor role focused on strengthening application security across a modern SaaS environment and ensuring security is embedded throughout the software development lifecycle. You will work closely with engineering, product, platform, and security teams to identify, mitigate, and prevent application risks across both traditional and AI-powered products. The role combines deep technical expertise with strategic influence, allowing you to shape security practices, tooling, and operational processes at scale. You will lead threat modeling efforts, conduct code-level security reviews, and drive remediation initiatives from discovery through resolution. A strong emphasis is placed on automation, AI-assisted security workflows, and developer enablement. This position offers the opportunity to tackle complex security challenges while helping build secure-by-design products in a fast-paced, innovative environment.
- Lead and continuously improve the secure software development lifecycle (SSDLC), ensuring security considerations are integrated into application design, development, and deployment processes.
- Conduct application security reviews, threat modeling exercises, and in-depth code analysis for critical product, platform, and AI-driven initiatives.
- Drive vulnerability management efforts across internal assessments, penetration tests, bug bounty findings, and automated security tools, ensuring timely validation, prioritization, remediation, and verification.
- Perform hands-on security testing, exploit validation, adversarial assessments, and remediation reviews to confirm vulnerabilities are fully addressed.
- Establish and maintain secure design standards, security guardrails, risk models, and code review practices across engineering teams.
- Enhance and optimize application security tooling, including SAST solutions, automation workflows, dashboards, and security integrations.
- Develop AI-focused security controls and review processes addressing prompt handling, API exposure, data protection, abuse scenarios, and AI-specific threats.
- Partner with engineering, product, legal, platform, and security stakeholders to align security initiatives with business objectives and development velocity.
- Support developer enablement through secure coding guidance, security training, documentation, and security champion programs.
- Contribute to operational improvements, metrics reporting, and long-term security strategy execution across the organization.
- 5+ years of experience in application security, software engineering, or a combination of both within modern SaaS environments.
- Strong software development capabilities with experience reading, writing, and deploying production code; Ruby experience is highly desirable, with Python or similar scripting languages considered a plus.
- Deep understanding of application security principles, secure architecture, authentication and authorization frameworks, vulnerability management, and secure coding practices.
- Proven experience performing code reviews, penetration testing, exploit validation, and vulnerability remediation in complex production systems.
- Strong knowledge of common web application security risks, including access control flaws, OAuth vulnerabilities, CSRF, SSRF, cryptographic weaknesses, insecure deserialization, and dependency-related risks.
- Experience working with cloud-native environments and Linux systems, preferably within GCP-based infrastructures.
- Familiarity with application security tooling, including SAST, software composition analysis, runtime security tools, and automation frameworks.
- Experience integrating AI-assisted tools and automation into engineering or security workflows, as well as securing AI-powered applications and services.
- Excellent communication, stakeholder management, and collaboration skills, with the ability to influence technical and non-technical audiences.
- Security certifications and experience supporting AI-native products, developer enablement initiatives, or security champions programs are considered advantageous.
- Competitive salary range of $190,000 – $273,000 USD, depending on location and experience
- Performance-based bonus opportunities
- Equity participation program
- 401(k) retirement savings plan
- Comprehensive medical, dental, and vision insurance coverage
- Flexible Spending Account (FSA) and Health Savings Account (HSA) options
- Life, AD&D, short-term disability, and long-term disability insurance
- Flexible paid time off policy and at least 10 paid holidays annually
- Paid parental leave
- Employee assistance and wellbeing programs
- Global travel coverage benefits
- Fully remote work environment with opportunities for career growth and professional development