Application Security Engineer
$100,000–$150,000 year
Remote · United States
Job Summary
Application Security Engineer responsible for embedding security throughout the software development lifecycle, partnering with engineering teams to design secure systems, identify vulnerabilities, and reduce risk across the application portfolio. Combines hands-on offensive and defensive security activities with strong communication to help development teams ship secure software efficiently. Core duties include threat modeling and security architecture reviews, manual code reviews and secure design consultations, operating SAST/DAST/IAST/SCA/secret-scanning tools in CI/CD, leading vulnerability triage and remediation, building secure patterns and libraries, leading red-team/purple-team exercises, implementing runtime protections (WAF, RASP, bot protection), enforcing secure authentication/authorization/cryptography, hardening cloud/container environments, delivering security training, responding to incidents, tracking CVEs, maintaining comprehensive security documentation, and staying current with application security research and tooling.
Required Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field
- Five or more years of application security or security engineering experience
- Strong understanding of OWASP Top 10, common vulnerability classes, and modern exploit patterns
- Hands-on experience performing code review across at least two major languages
- Deep familiarity with SAST, DAST, SCA, and CI/CD-integrated security tooling
- Strong understanding of authentication, authorization, and cryptographic primitives
- Experience with cloud security and modern infrastructure controls
- Strong communication skills with technical and non-technical audiences
- Proficiency in at least one programming language for tooling and automation
- Experience working closely with engineering teams in an Agile environment
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.