Application Security Engineer in United States at Jobgether

Job Function: Information Technology
Jobgether
United States, United States

Job Description

Application Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Application Security Engineer in the United States.

This role is ideal for a security-focused engineer passionate about embedding security into every stage of the software development lifecycle. You will work closely with engineering, infrastructure, and platform teams to strengthen application security across modern cloud-native environments. The position combines offensive and defensive security practices, allowing you to influence secure design, vulnerability management, and incident response initiatives. You’ll play a key role in improving secure development standards, reducing production risk, and enabling developers to build secure software efficiently. The environment is collaborative, fast-paced, and highly technical, offering opportunities to work on enterprise-scale systems while shaping long-term security strategy and best practices. This fully remote opportunity provides strong career growth and exposure to cutting-edge application security technologies and methodologies.

Accountabilities:
  • Conduct threat modeling exercises and security architecture reviews for new and existing applications and services.
  • Perform manual code reviews and collaborate directly with engineering teams to harden applications and improve secure coding practices.
  • Implement and manage security testing tools including SAST, DAST, IAST, SCA, and secret-scanning solutions integrated into CI/CD pipelines.
  • Drive vulnerability management processes including triage, prioritization, remediation tracking, and SLA enforcement.
  • Design and promote secure-by-default frameworks, libraries, and development patterns for engineering teams.
  • Lead red-team and purple-team exercises to identify application weaknesses and coordinate remediation efforts.
  • Implement runtime protections such as WAF, RASP, abuse detection, and bot mitigation mechanisms.
  • Define and enforce secure authentication, authorization, session management, and cryptographic standards.
  • Partner with infrastructure and platform teams to secure containerized, Kubernetes, and cloud-based environments.
  • Develop and deliver security awareness training, onboarding materials, and secure development guidance for engineering teams.
  • Participate in security incident response related to application vulnerabilities and emerging threats.
  • Maintain comprehensive technical documentation including architecture diagrams, operational procedures, and security standards.
  • Stay informed on emerging vulnerabilities, exploit techniques, and evolving application security tooling.
Requirements:
  • Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline.
  • 5+ years of experience in application security, product security, or security engineering roles.
  • Strong knowledge of the OWASP Top 10 and common web application vulnerability patterns.
  • Hands-on experience reviewing code across multiple programming languages and technology stacks.
  • Deep familiarity with SAST, DAST, SCA, IAST, and CI/CD-integrated security tooling.
  • Strong understanding of authentication, authorization, encryption, and secure session management principles.
  • Experience securing cloud-native and containerized infrastructures.
  • Proficiency in at least one programming or scripting language for automation and tooling development.
  • Strong communication and collaboration skills with both technical and non-technical stakeholders.
  • Experience working in Agile software development environments alongside engineering teams.
  • Certifications such as Offensive Security OSCP, OSCE, GWAPT, or CISSP are considered a plus.
  • Familiarity with offensive security operations, bug bounty programs, AI/LLM security risks, or regulated environments is advantageous.
Benefits:
  • 100% remote work opportunity within the continental United States.
  • Competitive compensation package based on experience and qualifications.
  • Full-time direct W2 employment with long-term project stability.
  • Comprehensive medical, dental, and vision insurance coverage.
  • Opportunity to work on modern cloud-native and enterprise-scale applications.
  • Exposure to advanced security tooling, DevSecOps practices, and secure engineering initiatives.
  • Collaborative and innovation-driven engineering culture.
  • Career development opportunities through mentorship, technical ownership, and continuous learning.
  • H1B transfer support available for qualified candidates currently holding valid H1B status.
How Jobgether works:
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

Job Location

United States, United States
