Application Security Engineer

Description

Your Impact

The Application Security Engineer is responsible for embedding security throughout the software development lifecycle (SDLC), leading application security testing, and driving vulnerability remediation efforts.


About CivicPlus

At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

What You'll Do

As a AppSec Engineer, you will:

• Perform security code reviews, threat modeling, and architecture reviews across all development projects as part of secure Software Development Lifecycle (SDLC).
• Collaborate with development teams to integrate secure design, secure coding standards, and security controls across the SDLC.
• Identify, track, and validate vulnerabilities and security defects from security testing and scanning, collaborating with development teams to inform and prioritize remediation within compliance timeline requirements.
• Coordinate external, independent penetration testing of production environments.
• Lead application security testing, including static, dynamic, and interactive application security testing (SAST, DAST, IAST).
• Serve as a subject matter expert on application security vulnerabilities (such as the OWASP Top 10) and emerging threats.
• Partner closely with organizational functions and key stakeholders to provide guidance, tooling, and training to development teams and ensure secure design principles are applied, risks are mitigated, and applications are resilient against modern threats.

What We're Looking For

We know that excellent candidates come from diverse backgrounds. Even if you don't meet 100% of the listed requirements, we encourage you to apply!

Preferred Qualifications:


Experience

• 3 - 7 Years of experience in application security, secure development, penetration testing, or related field
• Working experience in application testing or security testing tooling (including SAST, DAST, and/or IAST)
• Working experience integrating secure design principles into change management, code review, CI/CD pipelines, and supporting secure development operations.

Certifications

• Security+, GSEC, GSSP or equivalent
• Bachelor's degree in Computer Science, Cybersecurity, Information Security, Information Systems, or a related field (preferred)

Skills

• Strong understanding of Secure Software Development Lifecycle (SSDLC), application security controls, and vulnerability management
• Familiarity with secure coding practices across multiple development languages (such as C#, Go, Java, JavaScript, or Python)
• Knowledge of cloud-native and SaaS application environments

Why CivicPlus?

This role offers:

• Embed security into how software is built. Partner with engineering teams to integrate secure design and coding practices throughout the development lifecycle.
• Find and fix vulnerabilities before they become risks. Lead application security testing and guide remediation across modern SaaS and cloud-based platforms.
• Be a trusted security advisor to developers. Provide hands-on guidance, tooling, and training that help teams build resilient applications from the start.
• Strengthen the security of products used by local governments. Help ensure CivicPlus applications remain secure, reliable, and resilient against evolving threats.

Compensation and Benefits

• Estimated Salary Grade Range: $70,300-$101,300
  • Anticipated Hiring Range: $70,000 - $80,000
  • The actual salary offer will carefully consider a wide range of factors, including your skills, qualifications, experience and is based on a 40-hour work week.
• Benefits: Comprehensive health insurance, dental insurance, vision insurance, Flexible Time Off, 401(k) plan, and more.

Our Hiring Process

• Introductory call with Talent Acquisition
• Interview with the Hiring Manager
• Panel Interview with CivicPlus team members, including an interview project activity
• Offer

Note: The process may vary slightly depending on the role.


Additional Information

• CivicPlus is currently unable to provide visa sponsorship for this position now or in the future. Applicants must be authorized to work in the US.
• We encourage you to apply as soon as possible, as applications will be reviewed on a rolling basis, and the posting may close earlier at the discretion of the Talent Acquisition team

Equal Opportunity Commitment

CivicPlus is proud to be an Equal Employment Opportunity employer. We celebrate and support diversity for the benefit of our employees, products, clients, and communities. Reasonable accommodations are available during the interview process.