talentyGo

Application Security Engineer

Brooksource

📍 Nashville, Tennessee, US | 🌍 Remote | 💼 Contract | 💰 60 – 70 USD/hour | 🕐 13 days ago

Description

Application Security Engineer

Position Overview

The Application Security Engineer is a mid-to-senior level individual contributor responsible for performing application security assessments, supporting vulnerability management operations, and providing security expertise to internal stakeholders and partner organizations. This role requires a self-directed professional who can manage their own workload, make independent decisions within established guidelines, and serve as a reliable subject matter expert within the application security program.

Core Responsibilities

Application Security Assessments

- Perform dynamic and manual application security assessments for new applications, applications undergoing major updates, and applications migrating to cloud environments
- Review vendor-provided security assessments for completeness, validity, and accuracy
- Provide expert guidance to stakeholders on security findings, risk severity, and remediation approaches
- Manage assessment queues and customer timelines, communicating proactively when timelines are at risk
- Support mobile application security reviews and business process automation security reviews

Vulnerability Management

- Assist with Nessus-based vulnerability scanning operations across multi-environment infrastructure including physical data centers, AWS, Azure, and GCP
- Support ad-hoc scan requests and new system build scans
- Assist with vulnerability finding interpretation, false positive validation, and stakeholder communication
- Contribute to vulnerability research and monitoring for zero-day or actively exploited vulnerabilities

Cloud & WAF Support

- Develop working familiarity with Web Application Firewall (WAF) operations across AWS, Azure, and Cloudflare environments
- Use Splunk for log analysis and investigation, including hunting WAF blocks and identifying anomalous activity
- Support cloud security posture awareness and stakeholder consultation as needed

GRC & Stakeholder Coordination

- Use the Archer GRC platform to document findings, manage workflows, and support compliance reporting
- Coordinate directly with stakeholders to communicate assessment status, findings, and remediation guidance
- Contribute security expertise to RFI, RFP, and research projects as needed

Qualifications

Experience

- 5+ years of direct, hands-on experience performing dynamic application security assessments
- Demonstrated experience with vulnerability management concepts and operations
- Experience programming or scripting in one or more languages relevant to application security (e.g., Python, JavaScript, Java)

Certifications

One or more active security certifications required. Preferred certifications include:

- Certified Ethical Hacker (CEH)
- CompTIA Security+
- CompTIA PenTest+
- GIAC Web Application Penetration Tester (GWAPT)
- Offensive Security Certified Professional (OSCP)
- Or equivalent industry-recognized security certification

Technical Skills — Required

- Proficiency with Burp Suite or OWASP ZAP for dynamic application testing
- Experience performing manual application security testing beyond automated scanning
- Solid understanding of the OWASP Top 10 and common application vulnerability classes
- Experience working in cloud environments (AWS, Azure, and/or GCP)

Technical Skills — Preferred

- Experience with Nessus or comparable vulnerability scanning platforms
- Familiarity with Web Application Firewall concepts and operations
- Experience with Splunk or comparable SIEM platforms for log analysis
- Experience with Archer GRC or comparable GRC platforms
- Familiarity with mobile application security assessment methodologies
- Ability to read and evaluate application code for security weaknesses
- Familiarity with vulnerability and exploit research and risk classification

Soft Skills

- Ability to work independently and manage competing priorities without close supervision
- Strong written and verbal communication skills, including explaining complex security findings to non-technical audiences
- Interruption-tolerant work style with the ability to context-switch while maintaining assessment quality
- Ability to professionally manage conflict when stakeholders push back on findings; must defend technically sound conclusions while remaining respectful and solution-oriented
- Collaborative team approach with willingness to contribute across program areas

Work Environment

This is a remote position. The successful candidate will join a small, high-performing security team and is expected to carry a full workload from an early stage. Assessment work is time-sensitive and requires focused, uninterrupted work blocks; candidates should be comfortable managing their own schedule while remaining responsive to stakeholder needs. The role includes a structured onboarding and knowledge transfer period.

TalentyGo is an aggregator of job listings from public sources. Always verify the information directly with the company. Applications are submitted through the company's original website; TalentyGo does not manage selection processes.