Application Security Engineer
HarbourVest Partners · Boston, MA · 6 days ago
HybridInformation Technology$145k–$155k/yrFull-time
About the role
The Application Security Engineer (ASE) will serve in a multi-functional role, advising development teams on secure coding and accepted industry procedures. The ASE is responsible for leading SDLC initiatives that include secure code reviews, architecture assessments, and application scanning methods. They will provide end-to-end leadership for application security, working closely within platform teams to advocate for and enhance a strong program focused on application security.
Responsibilities
- Identify risks and areas of exposure in applications, SDLC processes, and architecture
- Define guardrails, standards, and secure usage patterns for agentic AI–based coding tools, enabling engineering teams to adopt them safely while managing data exposure, code quality, and security risk
- Perform secure build reviews, threat modeling, and application security testing (SAST, DAST, SCA)
- Identify, assess, and support remediation of vulnerabilities in web applications and APIs
- Partner with engineering teams to promote secure coding standards utilizing CI/CD pipelines and DevSecOps practices
- Support audits, regulatory exams, penetration tests, and security incident response
- Secure and continuously monitor third-party SaaS applications using SSPM tools, ensuring configurations, access controls, and integrations meet HarbourVest security standards
- Establish metrics and reporting to track coverage and effectiveness of security processes
- Enable developers through secure coding guidance, training, and tooling
Requirements
- Dedicated to protecting sensitive financial data, client information, and critical business systems
- Skilled in navigating regulated financial services settings
- Able to assess and prioritize security concerns by considering their effect on business and financial outcomes
- Collaborative partner to engineering, risk, compliance, and audit teams
- Proactive, diligent, and calm when responding to security incidents
Qualifications
- Solid understanding of application security principles and OWASP Top 10 risks
- Experience securing web applications, APIs, and microservices in financial environments
- Hands-on experience with AI-assisted coding tools such as Cursor, GitHub Copilot, and ChatGPT Codex, with an understanding of their security implications in enterprise software development
- Proficiency reviewing code in at least one common language (Java, Python, C#, or JavaScript)
- Familiarity with cloud platforms, containers, IaaC, and modern DevSecOps tooling
- Ability to clearly communicate technical risk to both technical and non-technical collaborators
Skills
- Strong understanding of application security principles and OWASP Top 10 risks
- Experience securing web applications, APIs, and microservices in financial environments
- Hands-on experience with AI-assisted coding tools such as Cursor, GitHub Copilot, and ChatGPT Codex, with an understanding of their security implications in enterprise software development
- Proficiency reviewing code in at least one common language (Java, Python, C#, or JavaScript)
- Familiarity with cloud platforms, containers, IaaC, and modern DevSecOps tooling
- Ability to clearly communicate technical risk to both technical and non-technical collaborators
Benefits
- Hybrid work arrangement with 18 remote workdays per quarter
- Discretionary annual bonus based on individual and overall firm performance
- Comprehensive total rewards package including retirement, health, insurance, paid time off, and wellness programs
Pay
Base Salary Range: $145,000.00 - $155,000.00
Schedule
This role is eligible for a hybrid work arrangement with 18 remote workdays per quarter.