Application Security Engineer

Red Cell Partners

💵 $120k-$140k
📍 Remote - United States

Summary

Join Andesite, a cybersecurity firm, as an Application Security Engineer to secure software applications from design to deployment. Collaborate with developers, DevOps, and product teams to identify and mitigate vulnerabilities, perform threat modeling, and embed secure practices throughout the software development lifecycle. Conduct manual and automated application security testing, lead threat modeling sessions, perform code reviews, and provide secure coding guidance. Partner with development teams to remediate vulnerabilities and collaborate with DevOps and cloud engineering teams on secure infrastructure-as-code. This role requires 4+ years of experience in application security and a Bachelor's degree in a related field. Andesite offers a competitive salary, comprehensive health insurance, unlimited PTO, a flexible work environment, and 14 weeks of parental leave.

Requirements

  • 4+ years of experience in application security, secure software development, or a similar security-focused engineering role
  • Bachelor's in Computer Science, Cyber Security, Software Engineering, or related field
  • Strong understanding of OWASP Top 10 and common web/app/API vulnerabilities
  • Experience with SAST/DAST/SCA toolsets (e.g., Veracode, Burp Suite, Checkmarx, Snyk)
  • Proficiency in languages like Python and JavaScript, including their secure coding practices
  • Hands-on experience with CI/CD environments (e.g., GitHub Actions, Jenkins, GitLab)
  • Experience with threat modeling frameworks (e.g., STRIDE)
  • Familiarity with compliance frameworks (e.g., PCI DSS, NIST 800-53, SOC 2, ISO 27001)

Responsibilities

  • Conduct manual and automated application security testing (e.g., web, API)
  • Lead threat modeling sessions and collaborate on secure design reviews
  • Perform code reviews and provide secure coding guidance to engineering teams
  • Partner with development teams to triage and remediate vulnerabilities
  • Collaborate with DevOps and cloud engineering teams on secure infrastructure-as-code

Preferred Qualifications

  • Relevant certifications (e.g., OSCP, GWAPT, CSSLP, CASE)
  • Experience with cloud platforms (e.g., AWS, Azure, GCP) and their security features
  • Exposure to securing containerized applications (e.g., Docker, Kubernetes)
  • Knowledge of how to perform penetration testing against AI models

Benefits

  • Top-of-market competitive salary, bonus, and equity package
  • 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
  • Unlimited PTO, with your manager's approval
  • Flexible work environment where you manage your work day
  • A remote-first environment, with occasional travel to collaborate with customers, your team, and teammates from across the company in person
  • Home office reimbursement
  • 14 weeks of fully-paid parental leave
