Senior Application Security Engineer - Remote Position

About the Role

We are seeking a highly experienced Senior Application Security Engineer to join our cybersecurity team in a fully remote capacity. As a Senior Application Security Engineer remote professional, you will play a critical role in securing enterprise applications and ensuring robust security measures are integrated throughout the software development lifecycle.

What You'll Do

• Design, implement, and maintain application security frameworks, standards, and best practices across enterprise systems.
• Perform secure code reviews and identify vulnerabilities in web, mobile, and API-based applications.
• Conduct application security testing, including Static (SAST), Dynamic (DAST), Interactive (IAST), and penetration testing.
• Integrate security controls into CI/CD pipelines and support DevSecOps initiatives.
• Identify, assess, and remediate application security risks based on severity and business impact.
• Develop threat models and perform risk assessments for new and existing applications.
• Ensure compliance with industry standards and regulatory frameworks such as OWASP Top 10, NIST, ISO 27001, PCI-DSS, HIPAA, and SOC 2.
• Monitor and respond to application-level security incidents and support incident response efforts.
• Provide technical guidance and mentorship to development teams and junior security engineers.
• Collaborate with infrastructure, cloud, and network security teams to ensure end-to-end security coverage.
• Create and maintain security documentation, policies, and audit-ready reports for leadership and compliance reviews.

Requirements

• 12+ years of experience in application security, cybersecurity, or information security.
• Strong hands-on experience with application security tools such as Fortify, Checkmarx, Veracode, Burp Suite, OWASP ZAP, or similar tools.
• In-depth understanding of secure coding practices and common vulnerabilities across Java, .NET, Python, JavaScript, and modern web technologies.
• Extensive experience with OWASP Top 10 and Secure SDLC methodologies.
• Strong knowledge of authentication, authorization, encryption, and key management concepts.
• Proven experience securing RESTful APIs, microservices, and cloud-native applications.
• Hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud and their security controls.
• Ability to analyze complex security issues and clearly communicate risks and remediation strategies to technical and non-technical stakeholders.
• Experience working in large enterprise or government environments.
• Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent professional experience.

Nice to Have

• Security certifications such as CISSP, CISM, CEH, GWAPT, OSCP, or CSSLP.
• Experience with DevSecOps tools and CI/CD platforms including Jenkins, GitHub Actions, GitLab CI, or Azure DevOps.
• Knowledge of container and Kubernetes security practices.
• Experience with SIEM tools and security monitoring platforms.
• Familiarity with Zero Trust security architecture.
• Prior experience supporting regulatory audits and compliance initiatives.
• Strong leadership, documentation, and stakeholder communication skills.

What We Offer

• Competitive salary range of $140,000 to $180,000 annually.
• Remote work flexibility, allowing you to work from anywhere in the United States.
• W2-Contract only with visa sponsorship options available for eligible candidates.
• Comprehensive health benefits and a supportive work environment.
• Opportunities for professional development and continuous learning.
• A collaborative team culture focused on innovation and security excellence.