Senior Application Security Engineer

Want to energize your career?

At CertiPath, you'll join a fast-moving team with a meaningful mission, delivering high-assurance identity and trust solutions that matter. We are seeking a Senior Application Security (AppSec) Engineer to strengthen our security posture across our TrustSuite products, driving positive customer impact and rapidly innovating and optimizing application security across traditional and cutting-edge AI-enabled environments.

This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization. This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level.

This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support.


Location : This role is primarily hybrid, based at our Reston, VA (HQ), with an average of 2 office days per week.

I've never heard of CertiPath. What do you do?


CertiPath is a trusted leader in high-assurance digital identity and access management solutions. Since 2004, we have helped commercial organizations and government agencies modernize how people securely access facilities, networks, and critical resources. With the stability of an established company and the agility of a growing technology business, we foster a culture of innovation, collaboration, and continuous growth. Our mission is simple: enable secure, trusted access in an increasingly connected world.

What will my responsibilities include as Senior AppSec Engineer at CertiPath?

• Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
• Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
• Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
• Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
• Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
• Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
• Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
• Support go-to-market efforts for highly regulated environments.

What qualifications do you look for?

• U.S. citizenship and the ability to obtain a government clearance.
• 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
• Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
• Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
• Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
• Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
• Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
• Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
• Proven ability to define and drive high-level application security strategy and plans.
• Excellent communication skills for reporting findings and influencing outcomes.

We're extra impressed by folks who have:

• Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
• Prior experience testing in government or regulated environments

What kind of benefits does CertiPath offer?

At CertiPath, we value trust, flexibility, and investing in our people. We are committed to creating an environment where employees can do meaningful work, continue to grow, and enjoy life outside of work.

• Competitive medical, dental, and vision coverage (including domestic partner coverage).
• Health Savings Account (HSA) options, 401(k) with a generous company match, company-paid Life, AD&D, Short-Term, and Long-Term Disability.
• Unlimited PTO, seven company holidays, & a company-wide week-long break at the end of each year, flexible working hours that support work-life balance
• LifeMart employee discount program
• Professional development opportunities and ongoing learning support

CertiPath is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, local, or international law.