Application Security Engineer

1 day ago

New York, NY, USAMid Level / Senior

Base Salary

$180k - $250k/yr

Responsibilities

Own the application security program across the SDLC from design review through deployment.
Conduct threat modeling on new features and perform security design and code reviews.
Manage the SAST, DAST, and SCA toolchain, ensuring findings surface at commit time.
Triage and prioritize automated scanner output, delivering a risk-ranked backlog.
Conduct manual penetration testing and security assessments of web applications and APIs.
Manage the external penetration testing program and bug bounty program end-to-end.
Track and drive remediation of application-layer vulnerabilities across the product portfolio.
Develop and maintain secure coding guidelines and security education for developers.

3+ years of hands-on application security experience.
Strong proficiency in identifying and exploiting OWASP Top 10 vulnerabilities.
Experience deploying and operating SAST, DAST, and SCA tooling.
Ability to read and write code in at least one common backend language.
Experience conducting or managing penetration tests against web applications and APIs.
Solid understanding of authentication and authorization patterns.
Clear written communication skills for writing actionable findings.
Experience with a bug bounty platform is a plus.
Familiarity with smart contract security and blockchain transaction flows is a plus.
Experience securing financial transaction systems is a plus.
Security certifications such as OSCP or equivalent are a plus.
Exposure to AWS application-layer security services is a plus.
Prior experience building a security champions program is a plus.

AWSGoPythonTypeScript