Application Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Application Security Engineer embedding security into the software development lifecycle for Infiterra's subscription economy platform. Collaborate with engineers to enhance application security practices.
Responsibilities:
- Embed security into the SDLC
- Integrate security activities across all SDLC phases: requirements, design, implementation, testing, deployment, and maintenance.
- Partner closely with engineering teams to ensure secure development practices are applied consistently.
- Review security controls for new features, services, and architectural changes.
- Run threat modeling sessions (e.g. STRIDE) for new and existing systems.
- Identify threats, attack paths, misconfigurations, and insecure design patterns.
- Collaborate with engineers to ensure systems follow secure-by-design principles.
- Perform security-focused code reviews to identify vulnerabilities and risky implementations.
- Provide clear, actionable guidance on secure coding patterns and best practices.
- Assess application and system architectures from a security perspective.
- Perform manual and automated web application security testing (e.g. injection flaws, auth issues, access control gaps, insecure configs, logic flaws).
- Operate, tune, and improve AppSec tooling (SAST, DAST, SCA, secrets scanning, dependency scanning).
- Integrate and automate security checks within CI/CD pipelines.
- Identify gaps in tooling and recommend or introduce improvements.
- Measure the maturity and effectiveness of the AppSec program.
- Track and report security metrics (e.g. vulnerability trends, coverage, remediation progress).
- Drive continuous improvements based on findings, audits, and industry best practices.
- Support engineering teams during application security incidents or vulnerability disclosures.
- Contribute to triage, impact assessment, and root cause analysis.
- Ensure lessons learned are fed back into design, tooling, and processes.
- Enable engineers through training, documentation, and hands-on guidance.
- Create and maintain secure coding guidelines, checklists, and internal resources.
- Act as a trusted security partner, not a blocker.
Requirements:
- Strong understanding of secure software development principles.
- Solid knowledge of common vulnerability classes (OWASP Top 10, CWE).
- Experience working within modern SDLCs and agile development workflows.
- Hands-on experience with application security tools (SAST, DAST, SCA, etc.).
- Experience with web application security testing.
- Ability to assess risk pragmatically and prioritize remediation.
- Understanding of cloud-native architectures, APIs, and microservices.
- Experience integrating security tooling into CI/CD pipelines.
- Background working closely with product and engineering teams.
- Exposure to security metrics, maturity models, or AppSec program building.
Benefits:
- A tech-passionate team with a friendly culture and an international breed.
- Fully remote work.
- Flexible working hours.
- Work-from-anywhere scheme (travel and work).
- Learning & development budget.
Similar Jobs
Senior Databricks Application Engineer
Senior Databricks Application Engineer designing Databricks Apps and developing data solutions remotely. Collaborating on analytics workflows and cloud integration for IT Services.
Senior Application Security Engineer
Senior Application Security Engineer at Amerisure designing and maintaining security controls for applications. Leading security monitoring and vulnerability management in a DevSecOps environment.
Full-stack AI Application Engineer
Full-stack Engineer at ThirdLaw building AI-native platform features. Working in a small team to deliver impactful solutions to ensure AI trust and safety.
Senior Application Security Engineer
Senior Application Security Engineer at RevenueCat ensuring security across web and mobile applications. Collaborating with engineering teams and external parties to create secure frameworks and support bug bounty programs.
Technology Field Application Engineer
Technology Field Application Engineer at Arrow Global Components facilitating solutions for customer designs through technical leadership and engineering investments. Partnering with sales teams and managing supplier expectations.
Application Security Engineer
Application Security Engineer responsible for embedding security in software delivery at SNHU. Collaborating with DevSecOps teams to ensure application security in various approved remote states.
Application Engineer – Europe South
Application Engineer providing technical expertise and support for Mecademic's robotic solutions. Focused on Europe South region while engaging with engineers and integrators.
Application Engineer – DACH Region
Technical expert for Mecademic's robotic solutions in the DACH region. Provide in-depth technical support and demonstration for successful deployment and optimization of robotic solutions.
Principal AI Application Engineer
Principal AI Application Engineer creating modular AI solutions for government services at Code for America. Collaborating with various teams for effective public service delivery.
Application Engineer
Drive technical support and training for Cimatron CAD and Mold products while collaborating with sales teams in Mexico. Oversee customer implementation projects and maintain high-quality customer satisfaction levels.
Application Support Engineer
Application Support Engineer responsible for resolving application and infrastructure issues in customer-hosted environments at Lumin Digital. Collaborating with internal teams to ensure smooth client operations.
Senior Cloud Application Support Engineer
Cloud Engineer providing advanced support and troubleshooting for cloud-based services in a managed service environment. Leading problem resolution efforts and improving service offerings using Azure expertise.
Dynamics 365 Application Support Engineer
Dynamics 365 Application Support Engineer managing application issues and ensuring customer satisfaction. Supporting Microsoft's Dynamics 365 systems while adhering to IT security principles and best practices.
Application Security Engineer – Threat Modeling, SAST, SCA
Application Security Engineer at Netsentries performing secure code assessments and Threat Modeling for enterprise web/mobile applications. Collaborating with development teams to identify and remedy vulnerabilities.
Mechatronics Application Engineer
Mechatronics Application Engineer focused on customer automation in North America. Supporting technical sales and providing in-depth knowledge of mechatronic solutions.
Application Engineer – ASEAN Region
Application Engineer providing technical support for Mecademic's robotic solutions in the ASEAN market. Responsible for demonstrations, training, managing customer relationships, and addressing technical challenges.
Pre-Sales Application Engineer
Lab Productivity Pre‑Sales Application Scientist at Agilent enabling laboratory automation and analytical workflows. Collaborating with customers to enhance lab productivity solutions.
Field Application Engineer
Field Applications Engineer installing and troubleshooting vehicle control systems for ambulance builders and specialist converters, requiring extensive travel across the United States.
Application Engineer, AI Physics
Application Engineer building AI Physics capabilities for engineering and scientific discovery at Rescale. Collaborating with customers and engineering teams to ship product features.
Application Security Engineer
Application Security Engineer securing software programs for Department of Justice. Focusing on identifying vulnerabilities, designing security controls, and improving security processes.