1,059 application security engineer jobs at 652 companies in United States

PromotedHiringCafe
Founding Backend / Infra Engineer
Cupertino, CA, US
$160k-$300k/yr On-SiteFull Time
HiringCafe
HiringCafe: Building a 100× better job search engine to take on Indeed and LinkedIn.
Own the crawlers, pipelines, and infrastructure powering a real-time job search engine. Strong Node.js and Python fundamentals; bonus points for security and reverse-engineering chops.
Node.js, Python, Elasticsearch, Redis
2w
Save
Mark Applied
Hide
Application Security Engineer
Pittsburgh, Pennsylvania, United States
$110k-$120k/yr OnsiteFull Time
The Wolfe Companies
The Wolfe Companies: Provides comprehensive gift card management and fintech gifting solutions.
2+ YOE2+ years in application security/DevSecOps or software development with security exposure; coding background; CI/CD and secure-coding knowledge; bachelor\u0002s degree in related field (or equivalent experience).
Snyk, SemGrep, Cycode, GitHub, GitLab, Jenkins, AWS DevOps, OWASP, SANS CWE Top 25, DSOMM, BSIMM, AI/ML, LLM
2w
Save
Mark Applied
Hide
Senior Application Security Engineer
United States
$180k-$215k/yr RemoteFull Time
Monarch Money
Monarch Money: A subscription-based platform for personal budgeting and wealth management.
5+ YOE5+ years security engineering experience with application and AI security, proficiency in Python, SAST/DAST, secure code review, vulnerability management, and experience with Semgrep, Burp Suite, and Nuclei.
Python, Django, Semgrep, Burp Suite, Nuclei, AWS, ECS, EKS, OWASP Top 10
4d
Save
Mark Applied
Hide
Engineer, Application Security
Chicago, Illinois, United States
$103k-$133k/yr HybridFull Time
Cboe
CboeBATS: CBOE: Operates global market infrastructure and provides tradable financial products.
2+ YOE2+ years software or application security experience, hands-on development, Docker/Kubernetes familiarity, knowledge of web/API vulnerabilities, CI/CD and security tooling, bachelor's preferred.
Docker/OCI, Kubernetes, Git, CI/CD, SAST, SCA, secret scanning, Go, Java, C#, Python, Node.js
1mo
Save
Mark Applied
Hide
Application Security Engineer
Washington, District of Columbia, United States
$180k-$200k/yr RemoteFull Time
Virtru
Virtru: Provides data-centric encryption and privacy control software for organizations.
4+ YOE4+ years in application security or secure development, strong cryptography and web security knowledge, experience with Node.js and Go, SAST/DAST/IAST/SCA tooling, vulnerability programs (bug bounty, pentest), and familiarity with cloud infra (GCP/AWS) and Kubernetes preferred.
Node.js, Go, Trusted Data Format (TDF), SAST, DAST, IAST, SCA, Burp, ZAP, Qualys, Nessus, GCP, AWS, Kubernetes, Slack, Zoom
3mo
Save
Mark Applied
Hide
Senior Application Security Engineer
United States
$180k-$225k/yr OnsiteFull Time
Temporal Technologies
Temporal Technologies: Durable execution platform for building resilient, scalable cloud applications.
5+ YOE5+ years in application/product security, Bachelor's in CS or related (or equivalent), experience with threat modeling, SAST/DAST, Kubernetes security, EMR tools, strong communication and partnership with engineering teams.
SAST, DAST, OWASP Top 10, MCP security specifications, Kubernetes, Python, Go
3w
Save
Mark Applied
Hide
Staff Application Security Engineer
San Francisco or United States
$240k-$300k/yr HybridFull Time
Brex
Brex: Corporate cards and spend management software for businesses.
8+ YOE8+ years in application/product security or related software engineering; technical leadership and mentorship experience; expertise in AI security, threat modeling, cloud-native container security (AWS, Kubernetes); proficiency in Python/Go; strong communication skills.
Python, Go, Kotlin, gRPC, GraphQL, Kubernetes, AWS, LLM
2mo
Save
Mark Applied
Hide
Staff Application Security Engineer
United States or Canada
RemoteFull Time
UniUni
UniUni: Provides technology-driven last-mile delivery services for e-commerce businesses.
8+ YOE8+ years building and securing production software with recent focus on application/product security or DevSecOps; strong software engineering, AWS and Kubernetes security, IaC (Terraform), AppSec tooling (SAST/DAST/SCA), threat modeling, SAML/OpenID Connect, and incident response.
AWS, Terraform, Kubernetes, OPA, Conftest, SAST, DAST, SCA, SAML 2.0, OpenID Connect, CI/CD
2mo
Save
Mark Applied
Hide
Application Security Engineer 3
Arlington, Virginia, United States
OnsiteFull Time
Bloomberg Industry Group
Bloomberg Industry Group: Provides legal, tax, and government intelligence and news services.
5+ YOELead application security engineering, design scalable security architectures, perform risk assessments, integrate security across the SDLC, and drive automation.
Python, Java, JavaScript, SAST, DAST, SCA, IaC, Container, Cloud Security, Kubernetes, DevSecOps
1mo
Save
Mark Applied
Hide
Application Security Engineer
Harrisburg, Pennsylvania, United States
OnsiteFull Time
D&H Distributing
D&H Distributing: Distributes technology products and IT solutions to resellers.
3+ YOEDesigns and implements secure software practices; assesses application security; supports SDLC; proficient in at least one programming language; familiar with OWASP Top 10; experience with security assessments and vendor security.
OWASP, OAUTH, ADFS, PowerShell, Python, Perl, Java, .NET, C#, SIEM, Security
1w
Save
Mark Applied
Hide
Senior Security Application Engineer
Palo Alto, California, United States
$200k-$235k/yr OnsiteFull Time
BitGo
BitGoNYSE: BTGO: Provides secure infrastructure for institutional digital asset management.
8+ YOE8+ years building and scaling application security programs for FinTech/Web3; strong engineering background in distributed systems, Python or Java, Kubernetes, AWS, Terraform; experience with SAST/DAST, CI/CD security automation, KMS/encryption, SOC 2/GDPR controls, and securing AI/ML lifecycles.
SAST, DAST, CI/CD, Terraform, Kubernetes, AWS, Python, Java, KMS, MLOps, LLM
1d
Save
Mark Applied
Hide
Lead Application Security Engineer
United States
$140k-$180k/yr RemoteFull Time
Zeta Global
Zeta GlobalNYSE: ZETA: Provides an AI-powered marketing platform for enterprise customer engagement.
5+ YOE5+ years in application security or DevSecOps, strong threat modeling and secure design knowledge, experience with app/cloud/API security, AI/ML security familiarity, and ability to build automated security workflows.
Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, React, Node.js, Django, FastAPI, OAuth2, OIDC, JWT, Docker, Kubernetes, AWS, GCP, Azure
2mo
Save
Mark Applied
Hide
Staff Application Security Engineer
New York or San Francisco or London
$185k-$260k/yr OnsiteFull Time
Bitwise Asset Management
Bitwise Asset Management: Specialized crypto-focused asset manager and index fund provider.
7+ YOE7+ years in application security, hands-on SAST/DAST, secure SDLC and CI/CD security, dependency and supply-chain security, threat modeling (STRIDE/PASTA), penetration test coordination, secrets management experience.
SAST, DAST, CI/CD, Socket.dev, HashiCorp Vault, AWS Secrets Manager, STRIDE, PASTA
2d
Save
Mark Applied
Hide
Staff Application Security Engineer
United States
$114k-$240k/yr OnsiteFull Time
Reltio
Reltio: Cloud-native platform for unifying and managing enterprise data.
8+ YOE8+ years in application security or software development in cloud-native/SaaS environments; expertise in secure SDLC, CI/CD security, SAST/SCA/DAST, API and AI security; strong cloud and web technology knowledge.
Jenkins, ArgoCD, SAST, SCA, DAST, Model Context Protocol (MCP), LLM, Burp Suite Pro, Java, Java Spring Boot, JavaScript, Node.js, C#, AWS, GCP, Azure, Kubernetes, Wiz, NeMo Guardrails, AWS Bedrock Guardrails, DefectDojo, Wiz Code, Veracode, Checkmarx, Cycode, SonarQube, OWASP
3mo
Save
Mark Applied
Hide
Application Security Engineer
Lindon, Utah, United States
OnsiteFull Time
Awardco
Awardco: Software platform for employee recognition and corporate rewards programs.
6+ YOE6+ years in application security or secure software engineering; cloud SaaS security; web/API security; experience with SAST/DAST and CI/CD; mentoring developers.
SAST, DAST, Dependency scanning, Container scanning, GitHub Advanced Security, Snyk, Wiz
1w
Save
Mark Applied
Hide
Application Security Engineer
United States
$120k-$154k/yr RemoteFull Time, Contract
Figure
FigureNASDAQ: FIGR: Provides blockchain-based lending and capital market technology solutions.
Experienced application security engineer to run vulnerability management, embed security into SDLC, perform threat modeling, manage pen tests, participate in incident response, and mentor engineers.
CI/CD, blockchain, AI
3w
Save
Mark Applied
Hide
Security Engineer, Application Security
San Francisco, California, United States
$200k-$325k/yr OnsiteFull Time
Serval
Serval: AI platform for automating IT and enterprise service workflows.
10+ YOE10+ years in cybersecurity with deep expertise in application security, secure SDLC, vulnerability management, secure cloud-native architecture, leadership experience, and strong software engineering skills.
SAST, DAST, SCA, secrets scanning, fuzzing, CI/CD
1mo
Save
Mark Applied
Hide
Senior Application Security Engineer
New York or Los Angeles or San Francisco
$165k-$190k/yr HybridFull Time
Tatari
Tatari: A platform for buying and measuring TV advertising campaigns.
Production Python experience, significant hands-on application security experience, threat modeling, building security tooling/automation, familiarity with AWS and Kubernetes, and SAST/DAST/SCA/CI-CD integration.
Python, Java, Rust, AWS, Kubernetes, OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS, SAST, DAST, SCA, CI/CD
1w
Save
Mark Applied
Hide
Sr. Application Security Engineer
Redmond, Washington, United States
$170k-$235k/yr OnsiteFull Time
SpaceX
SpaceX: Designs and launches advanced rockets and satellite internet constellations.
5+ YOE5+ years security software development experience (or 7+ years without degree), experience with application security for web/mobile, proficiency in Python/C++/Golang/C#, strong communication and networking knowledge.
Python, C++, Golang, C#
2d
Save
Mark Applied
Hide
Application Security Engineer
Nashville, Tennessee, United States
OnsiteFull Time
Universal Music Group
Universal Music GroupEuronext Amsterdam: UMG: Global music recording, publishing, merchandising, and content production.
5+ YOE5+ years application security or security engineering experience; perform app security assessments, threat modeling, secure design reviews; experience with cloud-native architectures, CI/CD integration, and developer enablement.
SAST, DAST, SCA, API security testing, GitHub Advanced Security, Microsoft Defender for Cloud, Checkmarx, Veracode, Burp Suite, Semgrep, Python, PowerShell, AWS, Azure, Google Cloud Platform, OAuth, OpenID Connect (OIDC), SAML, JWT, CI/CD, Kubernetes, Infrastructure as Code, OWASP, NIST Cybersecurity Framework, ISO 27001
1mo
Save
Mark Applied
Hide
Application Security Engineer
San Francisco, California, United States
HybridFull Time
Opal Security
Opal Security: Provides intelligent identity governance and enterprise access management solutions.
4+ YOE4+ years in application security or software security engineering; writing production code; strong auth: OAuth 2.0, OIDC, SAML; experience with AWS and containers; Go/TypeScript; security tooling; incident response.
Go, TypeScript, React, PostgreSQL, Redis, GraphQL, AWS, Kubernetes, Docker