Application Security Engineer

Location / Remote : 100% remote, but must be willing to work Eastern Time Zone hours

Employment Type : Perm / Direct Hire / Full-time

Compensation : up to $175k base

Benefits : medical, dental, vision, LTD / STD, HSA / FSA, term life, and supplemental health insurances (e.g., Aflac) for all employees (and their families if needed)

We are seeking a passionate and experienced Application Security Engineer to join our team and play a pivotal role in safeguarding our Azure-based .

NET-based web applications. You will be responsible for identifying, analyzing, and mitigating security vulnerabilities throughout the development lifecycle.

Your expertise in SAST, DAST, and SCA tools, coupled with a strong understanding of security best practices, will be instrumental in ensuring the security of our applications.

Responsibilities :

• Conduct comprehensive security assessments of .NET web applications hosted on Azure, leveraging SAST, DAST, and SCA testing techniques.
• Analyze identified vulnerabilities, evaluate their severity, and recommend effective remediation strategies.
• Work closely with development teams to ensure timely and effective resolution of security vulnerabilities, promoting secure coding practices throughout the development lifecycle.
• Actively participate in code reviews to identify potential security flaws early in the development process.
• Stay abreast of the latest web application security threats and vulnerabilities, including those listed in the OWASP Top 10.
• Develop and maintain secure coding practices and security policies within the organization.
• Incident Response : Contribute to the overall security posture of the company by participating in security awareness training and incident response activities.
• Integrate SAST, DAST and SCA tools like Veracode into CI / CD pipelines across multiple organizations using various platforms.
• Analyze vulnerability findings and customize reports to address specific organizational needs.
• Develop and deliver OWASP Top 10 training to educate developers on secure coding practices.
• Assist developers with integrating CI / CD tooling and development processes to streamline security workflows.
• Demonstrate familiarity with security best practices such as NIST Cybersecurity Framework

Qualifications :

• 4+ years of experience in application security, with a strong focus on Azure-based .NET web applications.
• Proven experience using Veracode to conduct SAST, DAST, and SCA security assessments.
• In-depth understanding guiding developers to implement and understand OWASP methodologies and web application security threats.
• Previous software development experience (C# / .NET preferred)

Preferred Skills (not required) :

• Experience with security frameworks and compliance standards (NIST CSF, 800-53, 800-171).
• Familiarity with cloud platforms, particularly Azure, and cloud-native security best practices.
30+ days ago