Application Security Engineer

Software Security Firm looking for Application Security Engineer This Jobot Consulting Job is hosted by: John Erwin Are you a fit? Easy Apply now by clicking the "Quick Apply" button and sending us your resume. Salary: $50 - $80 per hour A bit about us: We are a Software Consulting firm working with enterprise and start companies that are AI driven and we are developing some of the most cutting edge software/security solutions platforms in the world Why join us? Competitive Compensation Work on incredible projects that are fun and challenging Full Benefits (Medical, Vision, Dental) 401k Long term Contract to Hire opportunity Job Details RESPONSIBILITIES Perform application security assessments including manual code review, SAST, DAST, SCA, and targeted penetration testing. Lead threat modeling sessions for new features, architectural changes, and AI/LLM-backed workflows with customer product and engineering teams. Integrate security tooling (Semgrep, Snyk, CodeQL, GitHub Advanced Security, Burp Suite) into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) with minimal developer friction. Triage, track, and drive remediation of findings across web, mobile, and API surfaces with developer-friendly workflows and SLAs. Design and maintain secure coding standards, authentication and authorization patterns (OAuth 2.0, SAML, JWT), and training materials for customer development teams. Evaluate third-party libraries, vendor integrations, and open-source dependencies for supply chain and security risk. Support incident response activities and contribute to post-incident analysis with a focus on application-layer root cause. Write and maintain documentation, runbooks, and architecture decision records (ADRs) for AppSec tooling, coding standards, and remediation playbooks. QUALIFICATIONS 3 to 5 years of experience in application security, penetration testing, or secure software development. Strong knowledge of OWASP Top 10, CWE, and common web and API vulnerability classes. Hands-on experience with at least two of the following: SAST, DAST, SCA, or IAST tools in real CI/CD environments. Proficiency in one or more programming languages (Python, Go, JavaScript/TypeScript, or Java) for automation, tooling, and integration work. Familiarity with modern development workflows including Git, CI/CD pipelines, and containerized environments. Solid understanding of authentication and authorization frameworks (OAuth 2.0, SAML, JWT). Excellent communication skills with the ability to translate security findings into actionable engineering tasks. Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence. NICE TO HAVE Relevant certifications such as OSCP, GWAPT, CEH, or CSSLP. Experience with bug bounty programs or responsible disclosure processes. Familiarity with cloud-native security (AWS, GCP, or Azure) and cloud-native workload protection. Prior contributions to open-source security tooling. Interested in hearing more? Easy Apply now by clicking the "Quick Apply" button. Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot’s policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions. Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance. Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy