Senior Application Security Engineer

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Senior Application Security Engineer in the United States.

In this role, you will lead efforts to secure applications and software systems by identifying vulnerabilities, conducting threat modeling, and integrating security best practices throughout the software development lifecycle. You will collaborate closely with development and engineering teams to implement robust security controls, manage vulnerabilities, and respond to incidents effectively. This position offers the opportunity to work in a fast-paced, dynamic environment, applying hands-on expertise in application security, DevSecOps, and risk mitigation. You will also help shape security strategies and tooling, ensuring the protection of critical data and systems across a global footprint. The ideal candidate is both technically skilled and able to influence teams, contributing to a culture of security awareness and resilience.

Accountabilities

• Conduct security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
• Design, develop, and implement security tools, frameworks, and methodologies to safeguard applications from threats.
• Collaborate with development teams to integrate secure coding practices and security controls into the SDLC.
• Perform threat modeling and risk assessments to proactively identify and mitigate potential risks.
• Track, analyze, and manage vulnerabilities, providing guidance for remediation efforts.
• Assist in investigating and responding to application-related security incidents.
• Stay current on emerging security threats, vulnerabilities, and technologies to continuously improve protection measures.

Requirements

• 5+ years of software development experience with exposure to application security or DevSecOps.
• Strong understanding of secure coding, threat modeling, and vulnerability management across the SDLC.
• Proficiency in Go, Python, or Java, and experience with CI/CD pipelines and GitHub.
• Hands-on experience with security tools and frameworks (SAST, DAST, SCA, OWASP ZAP, Burp, Snyk, Semgrep).
• Knowledge of core information security concepts, including malware, exploits, attacks, firewalls, and intrusion detection/prevention.
• Expertise in at least one of: Threat and Vulnerability Management, Incident Response, Threat Hunting/Red Teaming, or Penetration Testing.
• Strong analytical, communication, and collaboration skills to partner effectively with development and security teams.
• Preferred: experience with cloud/container security (GCP, Kubernetes, Docker, Terraform), endpoint/vulnerability management tools (e.g., CrowdStrike, Wiz), AI infrastructure security, and relevant certifications (ISC², ISACA, GCP).

Benefits

• Competitive salary: $160K – $200K, with potential bonus or commission plans.
• Comprehensive US benefits including medical, dental, vision, and 401(k).
• Remote work with flexible arrangements.
• Opportunity to work on cutting-edge application security and data protection solutions.
• Collaborative environment with exposure to global security and engineering teams.
• Professional growth in application security, DevSecOps, and risk management.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.

The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or assessments) are made by their internal hiring team.

Thank you for your interest!