Senior Application Security Engineer

Want to energize your career?

At CertiPath, you'll join a fast-moving team with a meaningful mission, delivering high-assurance identity and trust solutions that matter. We are seeking a Senior Application Security (AppSec) Engineer to strengthen our security posture across our TrustSuite products, driving positive customer impact and rapidly innovating and optimizing application security across traditional and cutting-edge AI-enabled environments.

This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization.

This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support.


This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level.

Location : This role is primarily hybrid, based at our Reston, VA headquarters, with an average of 2-3 office days per week.


I've never heard of CertiPath. What do you do?


We are the experts in software and services for high-assurance digital identity verification and management. We are an established organization with a 21-year track record of delivering on our promises with the drive and entrepreneurial spirit of a start-up. CertiPath is focused on bringing facility and network access management for commercial clients and government agencies into the 21st century.


What will my responsibilities include as Senior AppSec Engineer at CertiPath?

• Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
• Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
• Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
• Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
• Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
• Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
• Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
• Support go-to-market efforts for highly regulated environments.

What qualifications do you look for?

• U.S. citizenship and the ability to obtain a government clearance.
• 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
• Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
• Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
• Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
• Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
• Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
• Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
• Proven ability to define and drive high-level application security strategy and plans.
• Excellent communication skills for reporting findings and influencing outcomes.

We're extra impressed by folks who have:

• Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
• Prior experience testing in government or regulated environments

What kind of benefits does CertiPath offer?

CertiPath offers outstanding benefits, including health, dental, and vision coverage; a Health Savings Account plan; and a 401(k) plan with a generous employer match. We also believe strongly in maintaining a quality work-life balance, so we offer an unlimited PTO policy, seven company holidays, and a week-long break at the end of each year. All qualified applicants will receive consideration for employment without regard to disability; status as a protected veteran; or any other status protected by applicable federal, state, local, or international law.