Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

Application Security Engineer

Veilant

Company Description

We were early to the fight against Ubiquitous Technical Surveillance, and we've been pushing the edge ever since.

Our mission is to help government and enterprise organizations understand and manage commercial data risks, shape their digital signatures, and operate with confidence in an increasingly complex information landscape. We build and integrate advanced, tech-forward solutions to problems our customers often don't know they have - until it matters most.

We move fast, think critically, and deliver where it counts.

What's in it for you?

We work hard and do fun things.

You'll work on high-impact, technically challenging problems alongside a team that values teamwork over competition. Veilant offers a solid work-life balance and flexible remote work options. At Veilant, you'll work with the most talented software developers, systems engineers, and subject matter experts, building tools and systems that make a real difference.

Job Description

Veilant is looking for an Application Security Engineer to join our InfoSec team and help validate, secure, and continuously improve software developed by internal and partner engineering teams.

This role is ideal for someone who combines a software engineering foundation with an attacker mindset. You will review major and minor software releases before deployment, identify and validate vulnerabilities, create proof-of-concept demonstrations where appropriate, and provide practical remediation guidance that developers can act on.

You will not simply file security tickets and move on. You will work closely with engineering teams to understand application architecture, business logic, user workflows, data sensitivity, and production environments so that your findings are accurate, contextualized, and useful.

You will work collaboratively across Veilant's software, DevSecOps, and infrastructure teams.

In this role, you will:

  • Audit software releases across major and minor cycles to intercept and remediate security flaws before deployment.
  • Analyze source code to identify, isolate, validate, and contextualize vulnerabilities in complex application codebases.
  • Build safe proof-of-concept examples to demonstrate exploitation paths and verify the real-world impact of discovered risks.
  • Contextualize findings based on application business logic, user workflows, data sensitivity, and production use cases.
  • Author clear remediation guidance and partner with development teams to implement effective patches, controls, or architectural mitigations.
  • Intercept and analyze application-layer network traffic using tools such as Burp Suite or similar intercepting proxies to inspect encrypted payloads, API calls, and authentication flows.
  • Assess and help secure core architectures across REST APIs, SQL databases, PostgreSQL, JWT/OAuth, identity providers, and token-based authentication mechanisms.
  • Perform threat modeling for web applications based on use cases, data flows, user roles, trust boundaries, and production environments.
  • Improve DevSecOps pipelines by integrating, tuning, and operationalizing SAST, DAST, SCA, IaC scanning, secrets detection, and container security tooling.
  • Support container runtime security efforts using monitoring and runtime protection tools such as Falco, NeuVector, or similar technologies.
  • Create standardized security reporting that translates technical findings into clear risk narratives for both engineering teams and executive stakeholders.

What You Will Accomplish in Your First Six Months

Within your first six months, success in this role will look like:

Building a repeatable AppSec review process for major and minor software releases, helping engineering teams identify and resolve security issues before deployment.

Integrating and improving SAST, DAST, and SCA checks in CI/CD pipelines so that security testing becomes a reliable part of the development lifecycle rather than a late-stage blocker.

Establishing threat modeling practices for web applications using common frameworks and applying them to Veilant's Angular front-end, Java Spring Boot back-end, REST APIs, SQL databases, and authentication flows.

Partnering with engineering and software teams to improve secure coding practices through practical feedback, remediation guidance, and collaborative reviews.

Implementing best practices in container runtime security , including visibility, monitoring, and runtime protections for containerized workloads.

Writing standardized security reports that clearly communicate risk, impact, and remediation steps for both executive-level stakeholders and engineering teams.

Qualifications

What We Are Looking For

Strong candidates will bring:

  • Ability to obtain a Security Clearance
  • 2+ years of software development experience in Java.
  • Hands-on experience reviewing or securing applications built with Java Spring Boot, Angular, REST APIs, SQL databases, and PostgreSQL.
  • Working knowledge of authentication and authorization technologies, including JWT, OAuth, identity providers, Entra, Keycloak, and token-based access models.
  • Experience intercepting, decrypting, manipulating, and analyzing web or application network traffic.
  • Demonstrated ability to find, validate, and explain vulnerabilities in a real codebase.
  • Familiarity with CI/CD tools such as GitLab CI, Azure DevOps, or GitHub Actions.
  • Experience with containerized environments and orchestration tools such as Kubernetes.
  • Exposure to infrastructure-as-code and container scanning tools such as Trivy, Kubesec, or similar technologies.
  • Understanding of cloud hosting environments such as Azure or AWS.
  • Familiarity with secrets management tools such as GitLab Secrets Manager, AWS KMS, Azure Key Vault, or Ansible Vault.
  • Experience with automated application security testing, including SAST, DAST, and SCA.
  • Familiarity with runtime security and monitoring tools for containers, such as Falco, NeuVector, or similar platforms.
  • Hands-on web security testing experience using Burp Suite or comparable tooling.
  • Strong written communication skills, including the ability to write reports for both technical and non-technical audiences.
  • OSWE, OSCP, and/or GXPN certifications are highly desirable.

The Kind of Person Who Will Thrive Here

You will do well in this role if you are curious, collaborative, and comfortable working across both code and security. You know how to speak with developers in practical terms, explain risk without creating unnecessary friction, and help teams ship secure software without slowing the mission down.

You are someone who can move from reviewing source code, to analyzing an API request, to modeling a threat scenario, to writing a report that an executive can understand. You enjoy solving problems at the root cause, not just documenting symptoms.

Additional Information

Why You'll Love Working Here:

  • Innovative Environment: Work in a setting where your ideas and expertise are valued.
  • Collaborative Culture: Be part of a team that supports each other and works toward shared goals.
  • Career Growth: Opportunities for professional development and career advancement.

Here are some Perks!

  • Flexible PTO + holidays
  • Generous 401k match benefit up to 10%, with an automatic 3% safe harbor contribution and additional matching based on employee contributions.
  • Medical (HSA & PPO Plans Available), dental, vision, disability, and life insurance
  • Employer Contribution to Health Savings Account (HSA)
  • Learning & Development opportunities
  • Professional coaching services
  • Get the technology you want to do your job
  • We have free daily snacks & drinks

Physical Requirements:

  • Must be able to remain in a stationary position 50% of the time. The person in this position needs to occasionally move about inside the office
  • Constantly work with computers and other information technology equipment
  • The ability to communicate information and ideas in a classroom style format, may stand at a podium for long periods of time

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, veteran status, or any other characteristic protected by law. We are proud to be an equal opportunity workplace.

If you require a reasonable accommodation to apply for a position with Veilant through its online applicant system, please contact Veilant's Talent Management Department at View phone number on click.appcast.io or contact us throughe-mail at View email address on click.appcast.io

Videos To Watch
Vacancy posted 4 days ago
Similar jobs that could be interesting for youBased on the Application Security Engineer in McLean, VA vacancy
  •  ...Title: Application Security Engineer Location: Rockville, MD Hybrid local only Duration: 12 months Visa: USC , GC Application Security, Penetration Testing (Burp Suite), SAST/DAST/IAST, DevSecOps, AWS, OWASP, Java/Python/JavaScript, CI/CD... 
    Suggested
    Local area

    3B Staffing LLC

    Rockville, MD
    4 days ago
  •  ...Job Description Application Security Engineer Strategy (Nasdaq: MSTR) • Tysons Corner, VA • Full-time, 5 days/week on-site Job Description Join Strategy's IT Security group as an Application Security Engineer and play a crucial role in safeguarding Strategy... 
    Suggested
    Full time

    Strategy LLC

    Falls Church, VA
    1 day ago
  •  ...Senior Application Security Engineer Software Guidance & Assistance, Inc., (SGA), is searching for a Senior Application Security Engineer for a contract assignment with one of our premier regulatory clients in Rockville, MD. The main function of senior application security... 
    Suggested
    Contract work

    SGA

    Rockville, MD
    6 hours ago
  •  ...Senior Application Security Engineer This role sits at the intersection of cybersecurity consulting and hands-on engineering, supporting a diverse portfolio of clients in strengthening their application security posture. You will act as a trusted advisor and technical... 
    Suggested
    Remote work
    Home office
    Flexible hours

    Jobgether

    Washington DC
    4 days ago
  • $110k

     ...Job Seekers can review the Job Applicant Privacy Policy by clicking here ( . Job Description : SUMMARY We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must... 
    Suggested
    Full time

    Ryder

    Washington DC
    3 days ago
  •  ...Senior Application Security Engineer Looking for a senior-level professional that can help with application security engineering as well as cybersecurity architecture. Looking for candidates with a solid development background and good exposure to the cybersecurity... 

    TalTeam

    Reston, VA
    3 days ago
  • $150.2k - $225.4k

     ...About the team: The Information Security organization advances the overall state of security at Rubrik through purposeful...  ...information. About the role: Rubrik is seeking an Application Security Engineer. In this role, you will be responsible for ensuring that... 
    Work experience placement
    Local area
    Remote work
    Shift work

    Rubrik

    Washington DC
    3 days ago
  • $104k - $166k

     ...Application Security Engineer Job Locations US-VA-Herndon Requisition ID 2026-164866 Position Category Cyber Security Clearance Top Secret/SCI Responsibilities We are seeking a highly skilled and innovative Application... 
    Contract work
    Shift work

    Peraton

    Herndon, VA
    1 day ago
  •  ...Title : Application Security Engineer Location : Rockville, MD or McLean, VA Target Start Date : ASAP Type : contract Pay Rate: DOE The Senior Application Security Engineer is responsible for designing, implementing, and advancing... 
    Contract work
    Immediate start

    ConsultNet

    Rockville, MD
    6 hours ago
  • $135k - $200k

     ...Application Security Engineer Palantir builds the world's leading software for data-driven decisions and operations. By bringing the right data to the people who need it, our platforms empower our partners to develop lifesaving drugs, forecast supply chain disruptions... 
    Work experience placement
    Work at office
    Remote work
    Work from home
    Relocation package

    Palantir Technologies

    Washington DC
    4 days ago
  •  ...Implement and develop, and integrate information security risk management into application and software development lifecycles. Develop and maintain security policies and standards. Provide risk assessments and/or threat modeling. Review source code, perform tests to enhance... 

    Target Labs

    Vienna, VA
    1 day ago
  •  ...customers’ business challenges, Take2 will work as a partner to best resolve client needs. Take2 is hiring a Senior Application Security Engineer. This is a fully remote role. Job Description ~6+ years of Information Technology experience ~3+ years of experience... 
    Full time
    Remote work

    Take2 Consulting LLC

    Falls Church, VA
    2 days ago
  •  ...The Application Security Engineer (ASE) is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented... 
    Contract work

    Target Labs

    Rockville, MD
    1 day ago
  • $110k

     ...Job Description We seek a highly motivated and experienced Application Security Engineer to join our growing security team. This role is highly technical and candidates must possess a solid understanding of the security and privacy of our company's applications and data... 
    Full time

    Ryder

    Washington DC
    2 days ago
  • SourcePro Search is conducting a search for an experienced Senior Application Security Engineer in Washington, DC. The ideal candidate will serve as subject matter expert integrating secure design for applications and services within the system development lifecycle. This... 

    SourcePro Search

    Washington DC
    2 days ago
  • $140k - $160k

    Overview Edgewater is currently seeking an Application Security Engineer who will be a hands‑on subject matter expert in Microsoft Azure cloud technologies, application security, security architectures, security tools, and methodologies. The Application Security Engineer... 
    Contract work
    Local area
    Remote work

    Edgewater IT LLC Defunct

    Washington DC
    4 days ago
  • CGI Njoyn is looking for a Technical Analyst - Application Engineer in Washington, DC. This permanent full-time role requires expertise in software development and will involve automating processes within CGI's Momentum financial management system at a government agency... 
    Permanent employment
    Full time

    CGI Njoyn

    Washington DC
    3 days ago
  • $210k - $230k

    Upside is seeking an experienced Security Engineer to identify and mitigate application vulnerabilities. This role requires expertise in application security and a deep understanding of AWS architecture. Responsibilities include innovating security solutions and conducting... 
    Work at office

    Upside

    Washington DC
    5 days ago
  • NewGen Technologies is seeking an Applications Developer to support onsite incident response for U.S. Government customers experiencing cyber-attacks. The role involves software design, troubleshooting, and integration to enhance incident response capabilities. Applicants... 

    NewGen Technologies

    Arlington, VA
    2 days ago
  • SourcePro Search is seeking a Mid-Level Application Engineer - Cyber Security Analytics Engineer in Washington, DC. The ideal candidate will develop and manage software tools to support Enterprise Management, focusing on software specifications, program design, and documentation... 

    SourcePro Search

    Washington DC
    5 days ago
  • We are conducting a search for a Mid‑Level Application Engineer - Cyber Security Analytics Engineer. We are seeking an ideal candidate who can develop and manage software tools to support Enterprise Management. This role involves formulating and defining specifications... 

    SourcePro Search

    Washington DC
    5 days ago
  •  ...Healthshare Application Engineer We are currently looking for a HealthShare Application Engineer for a 100% remote position supporting a...  ...administration, production support, automation, CI/CD processes, security integrations, and system performance optimization. This... 
    Remote work
    Monday to Friday
    Shift work
    Weekend work
    Afternoon shift

    VetsEZ

    Washington DC
    3 days ago
  •  ...Role Summary The Application Engineer is responsible for developing and maintaining software applications to support the company's business operations. Main Responsibilities and Duties Develop and maintain software applications. Collaborate with the engineering team to... 

    Beyond SOF

    Washington DC
    1 day ago
  • ## Job Description# Sr Applications Engineer**Location:** Falls Church, Virginia (Remote) **Employment Type:** Contract to Perm* Implement and...  ...Active Directory Services and manage application security, including Single-Sign-On and Certificate Management.* Ensure... 
    Permanent employment
    Contract work
    Remote work

    Apex Systems

    Falls Church, VA
    2 days ago
  •  ...Electrical Applications Engineer - Ashburn, VA This position is also available onsite with OEM firms in: Pittsburgh PA Orangeburg SC, or remote with a Manuf Rep Firm in any major city in the SouthEast. This job opportunity is with a Southeast Regional Market... 
    Work at office
    Remote work

    Pkaza LLC

    Sterling, VA
    3 days ago
  •  ...Job Purpose/Summary The Field Application Engineer will serve as the primary technical bridge between our engineering team and customer environments where our product is deployed, including secure facilities. They will support customer operators to manage the day-to-day... 
    Local area

    Integratedcooling

    Washington DC
    1 day ago
  • $62.9k - $153.3k

    Title Forward Deployed Application Engineer Location Arlington, Virginia, United States Job Description CGI Federal is looking for a Forward...  ...upon specific assignment and/or level of US government security clearance held. Dependent upon role and/or federal government... 
    Local area

    CGI Njoyn

    Arlington, VA
    3 days ago
  • $75k - $175k

    Appian is seeking an Application Engineer to design and deliver enterprise applications using Appian and AI. This position requires in-office attendance in McLean, Virginia, 5 days a week. Responsibilities include building web-based applications, integrating systems, and... 
    Work at office

    Appian

    Mc Lean, VA
    3 days ago
  • A leading financial institution is seeking a Remote Engineer III for Hogan Applications, responsible for technical analysis, design, and implementation within a critical banking environment. Candidates should have extensive experience in Hogan architecture and application... 
    Remote job

    PENFED Credit Union

    Mc Lean, VA
    2 days ago
  • $75k - $175k

     ...Technology, we use Appian to run Appian. Our team builds the internal applications that keep the company moving—streamlining operations,...  ...what’s possible on our own platform. As an Appian Application Engineer, you’ll design and deliver enterprise applications on Appian with... 
    Work at office
    Local area
    Flexible hours

    Appian

    Mc Lean, VA
    3 days ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to Application Security Engineer. Be the first to apply!