This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Application Security Engineer in the United States.
This role offers a strategic opportunity to lead application security across complex enterprise systems. As a Principal Application Security Engineer, you will embed security throughout the software development lifecycle, conduct advanced security assessments, and drive compliance with internal and external standards. You will collaborate closely with agile teams, architects, and leadership to mitigate risks, respond to incidents, and champion secure coding practices. The role requires a blend of technical expertise, strategic thinking, and mentorship, fostering a culture of security awareness across the organization. You will influence secure design decisions, optimize security tools and automation, and support professional growth in application security practices. This is a highly impactful role where your contributions directly enhance the organization’s security posture while enabling agile and innovative software delivery.
Accountabilities:
- Lead enterprise-wide application security initiatives and develop scalable security strategies for cloud, on-premises, and hybrid environments.
- Conduct static (SAST), dynamic (DAST), and interactive (IAST) security testing, including penetration testing and vulnerability assessments.
- Integrate security controls into CI/CD pipelines and DevOps workflows, promoting secure coding and threat modeling practices.
- Develop and enforce application security standards and Secure SDLC policies, and ensure compliance with frameworks such as OWASP, NIST, and ISO.
- Establish and manage an Application Security Champions program, delivering training on secure coding and security awareness.
- Lead incident response for application vulnerabilities and continuously improve risk mitigation strategies.
- Deploy, configure, and manage security tools for code analysis, vulnerability scanning, runtime protection, and related automation.
- Serve as a liaison between development, architecture, and cybersecurity teams, translating technical risks into business impacts.
Requirements:
- Minimum 10 years of experience in application security or a related field.
- Bachelor’s degree in Computer Science, Information Security, or a related discipline; relevant certifications such as CISSP, CEH, or OSCP are a plus.
- Expertise in application security practices, secure coding, and security tools (SAST, DAST, IAST, vulnerability scanners, penetration testing frameworks).
- Strong understanding of OWASP Top Ten, common vulnerabilities, and secure SDLC integration.
- Excellent collaboration and communication skills, with the ability to convey complex security concepts to technical and non-technical audiences.
- Ability to adapt to rapidly changing technologies, processes, and business environments.
- Strong analytical and problem-solving skills with proactive identification and resolution of security issues.
Benefits:
- Competitive annual salary: $133,000–$184,000.
- Incentive plan eligibility at all levels.
- Comprehensive health care plans (medical, dental, vision).
- Retirement savings plan with company match.
- Employee Stock Purchase Program at a discount.
- Tuition assistance and reimbursement programs.
- 20 days of paid time off plus additional holidays.
- Flexible work environment supporting work-life balance.
Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.
When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.
The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role.
Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team.
