Jobs · Information Technology

Associate Application Security Engineer

North · United States · 2 wk ago
RemoteRemoteInformation Technology$90k–$125k/yrFull-time

About the role

Join our security team as an Associate Application Security Engineer and play a hands-on role in defending cloud infrastructure, networks, and modern web applications using enterprise-level tools.

Responsibilities

  • Develop expertise in vulnerability assessment and threat research while collaborating with engineering teams for timely and effective remediation.
  • Leverage automation, scripting, and data analysis to scale security testing, reduce risk, and continuously monitor critical assets.
  • Conduct application assessments and security tests together with the testing team.
  • Maintain, add, enhance, and expand the scope of application assessments and penetration tests.
  • Use augmented instruments and tools for application assessments and evaluations.
  • Document, triage, and track vulnerabilities and exposures, and assist and advise on remediation.
  • Identify and track risks and exposures, create leads for assessments.
  • Document and maintain operational processes and procedures.

Requirements

  • Bachelor of Science in Cybersecurity, Computer Science, or an allied technical discipline, complemented by equivalent professional expertise.
  • Experience with web vulnerabilities, web attack paths, and web vulnerability remediation in modern web frameworks.
  • Experience with cloud platforms (AWS, Azure, GCP) and their native security tools.
  • Experience with security testing tools such as BurpSuite, nmap, Metasploit, and security testing distributions such as Kali Linux.
  • Experience with data analysis and SIEM tools (e.g., Grafana, Opensearch, CS NextGen SIEM) for log analysis and monitoring.
  • Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs).
  • Basic scripting knowledge using Python, Bash, and PowerShell.
  • Comfortable using terminals, scripting, and automation for WAF automation use-cases.

Qualifications

  • Ability to translate complex technical vulnerabilities, threat impact, and remediation urgency into actionable, risk-prioritized reports for both technical and non-technical stakeholders.

Skills

  • Relevant industry certifications and qualifications (e.g., CompTIA Security+, CEH, OSCP, or equivalent) are a plus.
  • Experience executing penetration testing aligned with OWASP Top 10 standards and modern browser security baselines.
  • Experience partnering with engineering teams on vulnerability remediation, including CSP rules, secure CORS origins, and HSTS enforcement.
  • Experience developing novel testing methodologies to bypass or harden application-layer defenses.
  • Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines.
  • Experience conducting security research and threat intelligence to advance organizational defenses.
  • Knowledge of hardened security configurations including CSP rules, secure CORS origins, and strict HSTS enforcement.

Benefits

We look forward to discussing your salary expectations and our full total rewards offerings throughout the interview process.

Pay

Salary range: $90,000-$125,000 Pay within this range varies by work location and on job-related knowledge, skills, and experience.

Schedule

Remote

Similar jobs

Application Security Engineer

Purpose Brands, LLCWoodbury, MN· 3 wk ago
Information Technology$120k–$140k/yrapply on purposebrands.wd503.myworkdayjobs.com