📍United States
Application Security Engineer

The Motley Fool
💵 $150k-$175k
📍Remote - United States
Summary
Join The Motley Fool as a mid to senior-level Application Security Engineer. You will be responsible for identifying, validating, and remediating security risks across a multi-language environment. A growing focus will be securing AI and LLM-based applications, helping define best practices and build safeguards. This role requires strong technical instincts, a bias for action, and the ability to own complex projects. You will work with developers and cross-functional stakeholders, proactively engaging and escalating issues. The ideal candidate will have 3–7 years of experience in Application Security and a strong background in Python or other backend languages.
Requirements
- 3–7 years in Application Security, Penetration Testing, or Secure Software Development
- Strong background in Python or other backend languages (C#, PHP)
- Experience with security testing methodologies and tools, including SAST, DAST, IAST, RASP, SCA, API Security tools (e.g., Noname, Traceable, Levo), Client-side Security tools (e.g., Feroot, Source Defense), and CNAPP
- Working familiarity with cloud-based technologies, particularly AWS (e.g., IAM, VPCs, S3, Lambda, CloudFront, Security Groups)
- Deep understanding of OWASP Top 10, CWE Top 25, and secure SDLC principles
- Comfortable working directly with developers and cross-functional stakeholders
Responsibilities
- Own and deliver application security initiatives end-to-end
- Define clear quarterly SMART goals and drive toward their completion
- Engage stakeholders proactively and escalate blockers before they become issues
- Take full ownership of project delivery
- Validate findings through hands-on testing; never assume without verification
- Produce detailed, technically accurate risk assessments and remediation advice
- Investigate deeply using tools like Semgrep, Feroot, Source Defense, and Noname
- Understand the context of the applications you’re securing—business logic, threat model, and operational constraints
- Stay current on insecure practices (e.g., eval, shell injection, unsafe deserialization) and ensure they’re recognized and flagged appropriately
- Speak up early when you see risk, blockers, or better ways to solve problems
- Share context, findings, and decisions proactively in meetings and documentation
- Follow through on action items; own gaps and next steps
- Operate with transparency—acknowledge unknowns and follow up with answers
Preferred Qualifications
- Contributions to open-source, bug bounty programs, or security communities
- Familiarity with compliance standards like PCI-DSS, SOC 2, or ISO 27001
- Prior experience in environments with distributed teams or high agility
Benefits
- Flexible, remote work environment (*see our open states above)
- No “vacation policy” (not to be confused with a “No vacation” policy)
- Generous fully-paid parental leave
- $1,000 annually to invest in stocks of your choice
- Super low premiums for medical, dental, and vision coverage
- Comprehensive compensation package, including company equity