1,059 application security engineer jobs at 652 companies in United States
🚀PromotedHiringCafe
Founding Backend / Infra Engineer
Cupertino, CA, US
$160k-$300k/yrOn-SiteFull Time
HiringCafe: Building a 100× better job search engine to take on Indeed and LinkedIn.
Own the crawlers, pipelines, and infrastructure powering a real-time job search engine. Strong Node.js and Python fundamentals; bonus points for security and reverse-engineering chops.
The Wolfe Companies: Provides comprehensive gift card management and fintech gifting solutions.
2+ YOE2+ years in application security/DevSecOps or software development with security exposure; coding background; CI/CD and secure-coding knowledge; bachelor\u0002s degree in related field (or equivalent experience).
Snyk, SemGrep, Cycode, GitHub, GitLab, Jenkins, AWS DevOps, OWASP, SANS CWE Top 25, DSOMM, BSIMM, AI/ML, LLM
Monarch Money: A subscription-based platform for personal budgeting and wealth management.
5+ YOE5+ years security engineering experience with application and AI security, proficiency in Python, SAST/DAST, secure code review, vulnerability management, and experience with Semgrep, Burp Suite, and Nuclei.
Virtru: Provides data-centric encryption and privacy control software for organizations.
4+ YOE4+ years in application security or secure development, strong cryptography and web security knowledge, experience with Node.js and Go, SAST/DAST/IAST/SCA tooling, vulnerability programs (bug bounty, pentest), and familiarity with cloud infra (GCP/AWS) and Kubernetes preferred.
Node.js, Go, Trusted Data Format (TDF), SAST, DAST, IAST, SCA, Burp, ZAP, Qualys, Nessus, GCP, AWS, Kubernetes, Slack, Zoom
Temporal Technologies: Durable execution platform for building resilient, scalable cloud applications.
5+ YOE5+ years in application/product security, Bachelor's in CS or related (or equivalent), experience with threat modeling, SAST/DAST, Kubernetes security, EMR tools, strong communication and partnership with engineering teams.
SAST, DAST, OWASP Top 10, MCP security specifications, Kubernetes, Python, Go
Brex: Corporate cards and spend management software for businesses.
8+ YOE8+ years in application/product security or related software engineering; technical leadership and mentorship experience; expertise in AI security, threat modeling, cloud-native container security (AWS, Kubernetes); proficiency in Python/Go; strong communication skills.
UniUni: Provides technology-driven last-mile delivery services for e-commerce businesses.
8+ YOE8+ years building and securing production software with recent focus on application/product security or DevSecOps; strong software engineering, AWS and Kubernetes security, IaC (Terraform), AppSec tooling (SAST/DAST/SCA), threat modeling, SAML/OpenID Connect, and incident response.
D&H Distributing: Distributes technology products and IT solutions to resellers.
3+ YOEDesigns and implements secure software practices; assesses application security; supports SDLC; proficient in at least one programming language; familiar with OWASP Top 10; experience with security assessments and vendor security.
BitGoNYSE: BTGO: Provides secure infrastructure for institutional digital asset management.
8+ YOE8+ years building and scaling application security programs for FinTech/Web3; strong engineering background in distributed systems, Python or Java, Kubernetes, AWS, Terraform; experience with SAST/DAST, CI/CD security automation, KMS/encryption, SOC 2/GDPR controls, and securing AI/ML lifecycles.
Zeta GlobalNYSE: ZETA: Provides an AI-powered marketing platform for enterprise customer engagement.
5+ YOE5+ years in application security or DevSecOps, strong threat modeling and secure design knowledge, experience with app/cloud/API security, AI/ML security familiarity, and ability to build automated security workflows.
Reltio: Cloud-native platform for unifying and managing enterprise data.
8+ YOE8+ years in application security or software development in cloud-native/SaaS environments; expertise in secure SDLC, CI/CD security, SAST/SCA/DAST, API and AI security; strong cloud and web technology knowledge.
Awardco: Software platform for employee recognition and corporate rewards programs.
6+ YOE6+ years in application security or secure software engineering; cloud SaaS security; web/API security; experience with SAST/DAST and CI/CD; mentoring developers.
FigureNASDAQ: FIGR: Provides blockchain-based lending and capital market technology solutions.
Experienced application security engineer to run vulnerability management, embed security into SDLC, perform threat modeling, manage pen tests, participate in incident response, and mentor engineers.
Serval: AI platform for automating IT and enterprise service workflows.
10+ YOE10+ years in cybersecurity with deep expertise in application security, secure SDLC, vulnerability management, secure cloud-native architecture, leadership experience, and strong software engineering skills.
Tatari: A platform for buying and measuring TV advertising campaigns.
Production Python experience, significant hands-on application security experience, threat modeling, building security tooling/automation, familiarity with AWS and Kubernetes, and SAST/DAST/SCA/CI-CD integration.
Python, Java, Rust, AWS, Kubernetes, OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS, SAST, DAST, SCA, CI/CD
SpaceX: Designs and launches advanced rockets and satellite internet constellations.
5+ YOE5+ years security software development experience (or 7+ years without degree), experience with application security for web/mobile, proficiency in Python/C++/Golang/C#, strong communication and networking knowledge.
4+ YOE4+ years in application security or software security engineering; writing production code; strong auth: OAuth 2.0, OIDC, SAML; experience with AWS and containers; Go/TypeScript; security tooling; incident response.