54 application security engineer jobs at 44 companies in Massachusetts
🚀PromotedHiringCafe
Founding Backend / Infra Engineer
Cupertino, CA, US
$160k-$300k/yrOn-SiteFull Time
HiringCafe: Building a 100× better job search engine to take on Indeed and LinkedIn.
Own the crawlers, pipelines, and infrastructure powering a real-time job search engine. Strong Node.js and Python fundamentals; bonus points for security and reverse-engineering chops.
5+ YOE5+ years OWASP, SAST, DAST, SCA, RASP; 7+ years in application security or related field; strong web security knowledge; secure SDLC; Bachelor's in CS; CISSP/OSCP/CASE preferred.
HarbourVest: Manages global private equity, credit, and infrastructure investments.
3+ YOE3+ years experience in application security or secure software development; expertise in SAST/DAST/SCA, threat modeling, secure code review, cloud/containers/IaC, CI/CD and DevSecOps; proficiency in Java/Python/C#/JavaScript and AI-assisted coding tools; security certifications preferred.
Seattle or Los Angeles or San Francisco or California or Colorado or Connecticut or Delaware or Hawaii or Illinois or Maine or Maryland or Massachusetts or Minnesota or Nevada or New Jersey or New York or Rhode Island or Virginia or Washington or Washington DC or United States
$141k-$259k/yrOnsiteFull Time
Nordstrom: Operates luxury department stores and off-price retail outlets.
4+ YOE4+ years in application security or related field; experience shipping security tooling and automation; expert threat modeling, security design review, and manual code review; fluent reading/writing code in Java, Kotlin, C#, or Python; cloud-native and LLM/AI security knowledge.
DatadogNASDAQ: DDOG: Observability and security platform for cloud applications and infrastructure.
Software engineering background with hands-on code review; knowledge of OWASP Top 10, SAST/DAST, API security; able to mentor engineers and define secure-by-default solutions.
Go, Python, Rust, OWASP, SAST, DAST, API security, APM, CI/CD
Boston or Carmel or Chicago or Lambertville or New York City or San Francisco or United States
$60k-$80k/yrHybridFull Time
Real Chemistry: Provides marketing and communication services for healthcare companies.
5+ YOE5+ years cloud security experience (3+ in high-growth acceptable), including 2 years focused on application security; hands-on with AWS IAM, SAML/OIDC, GitHub security tooling, threat modeling, penetration testing, and familiarity with SOC 2/GDPR/HIPAA-adjacent controls.
Boston or Chicago or Los Angeles or New York or San Francisco or Toronto or Vancouver or Vancouver
$145k-$175k/yrRemoteFull Time
Later: Provides software for social media scheduling and influencer marketing.
5+ YOE5+ years security engineering experience; strong application, cloud, and infrastructure security; SOC 2 and compliance experience; vulnerability management, IaC and CI/CD security; strong communication and software engineering skills.
OWASP, NIST, CIS Controls, SOC 2, ISO 27001, AWS Security Hub, Azure Security Center, GCP Security Command Center, SIEM, SOAR, Terraform, CloudFormation, C#, CI/CD
Sugino Corp: Manufacturer of precision industrial cleaning and machining equipment.
Provide field technical support for fire, security, and communications systems including programming, commissioning, troubleshooting, and maintaining manufacturer software; obtain required Massachusetts licensures; work in customer sites using diagnostic tools and laptop.
Seven AI: Provides autonomous AI agents for enterprise security operations.
6+ YOE6+ years in software/security engineering; strong secure application/system design knowledge; production coding in at least two of Python, TypeScript, or Rust; SAST/SCA/CSPM tooling experience; threat modeling and developer-tooling experience.
ASUSTaiwan Stock Exchange: 2357: Manufacturer of computer hardware, laptops, and consumer electronics.
8+ YOEBachelor's in CS or related, 8+ years in application/infrastructure security, hands-on cloud (GCP) and web app security (Node.js/Next.js), IAM, SAST/DAST/CI-CD integration, Terraform preferred, strong communication.
New York or Connecticut or Texas or Rhode Island or Massachusetts
$118k-$261k/yrRemoteFull Time
CVS HealthNYSE: CVS: Provides retail pharmacy, health insurance, and pharmacy benefit management services.
7+ YOE2+ Mgmt7+ years in enterprise security and security program leadership; experience with cloud-native architectures, application security, vulnerability management, SAST/SCA/SBOM, developer enablement, and security automation.
ModernaNasdaq: MRNA: Develops and manufactures messenger RNA medicines and vaccines.
5+ YOE5+ years cybersecurity or application/platform security experience with hands-on API security, threat modeling, API risk assessment, and collaboration with engineering and platform teams.
API gateways, service meshes, reverse proxies, AI Gateway
InvoiceCloud: Provides digital billing and payment solutions for essential services.
5+ YOEBachelor's degree or equivalent experience, 5+ years security engineering, 2+ years securing AI/ML systems, expertise in application/cloud security, CI/CD and MLOps integration, and familiarity with AI threat models and industry guidance.
AWS, Azure, MLOps, MLSecOps, CI/CD, SIEM, SOC, LLM, OWASP GenAI/Top 10 for LLM Applications, MITRE ATLAS, NIST AI RMF
8+ YOE8+ years relevant experience, Bachelor's or equivalent in Computer Science/Security, deep application/infrastructure/cloud-native security expertise, AI/ML security experience, experience defining security architecture and threat models, proficiency in Python or Go, compliance experience.
Seattle or Madison or Princeton or Cambridge Crossing
$138k-$183k/yrOnsiteFull Time
Bristol Myers SquibbNew York Stock Exchange: BMY: Develops and distributes innovative medicines for serious diseases.
5+ YOE5+ years in software/cloud engineering; AWS-native; Python/FastAPI; TypeScript/Node; CI/CD; experience with LLM/agentic AI; MCP/FastMCP; security, IAM, VPC; knowledge of data stores.
WHOOP: Providing wearable health trackers and physiological performance analytics.
4+ YOE4+ years in information security with focus on detection engineering, threat detection, or security operations; experience writing/tuning detections across cloud, identity, endpoint, or applications; strong scripting; familiar with detection tools (YARA, SIGMA, Suricata).
WHOOP: Wearable technology for personalized health and performance tracking.
4+ YOE4+ years in information security, detection engineering, or security operations; experience building detections across cloud, identity, endpoint, or application; familiarity with YARA, SIGMA, Suricata; strong scripting (Python/Go/PowerShell); cloud/SaaS telemetry expertise; communications skills;Bachelor’s degree in CS/Info Security or related fiel...
Flexcompute: Develops GPU-native multiphysics simulation software for hardware engineers.
Hands-on engineering in backend, DevOps/infrastructure, or security; experience securing AWS; familiarity with Terraform, CI/CD pipelines, and application/infrastructure security; experience with compliance frameworks (NIST 800-171/800-53) preferred.
Tines: No-code workflow automation for security and IT teams.
8+ YOE8+ years in product/application security, cloud-native security (AWS preferred), experience with AI/LLM-augmented tooling, vulnerability management, CI/CD security, SAST/DAST/SCA, incident response, and strong communication skills.