Application Security Engineer
United States of America
Full Time
3 hours ago
$104,000 - $141,000 USD
H1B Sponsor Likely
Key skills
PythonBashPowerShellCI/CDOWASP
About this role
Southern New Hampshire University is a team of innovators dedicated to transforming lives through education. They are seeking a mid-level Application Security Engineer to partner with development teams to embed security into the software delivery lifecycle and design security controls for enterprise applications and APIs.
Responsibilities:
- Perform threat modeling (e.g., OWASP Top 10) and application/API security reviews; provide clear, relevant remediation guidance
- Design and validate application and API security controls, including authentication, authorization, encryption, and input validation
- Design and review security controls for cloud-native applications, including containerized workloads and managed cloud services
- Integrate security tooling into CI/CD pipelines (SAST, DAST, SCA, secrets, IaC scanning); implement policy-as-code and pipeline gating
- Review application source code to identify security vulnerabilities and collaborate with developers to remediate findings
- Establish and automate secure configuration baselines, drift detection, and security monitoring to support Security Operations
- Validate vulnerabilities, reduce false positives, and guide teams toward pragmatic remediation and compensating controls
- Serve as a trusted security partner to developers through guidance, reusable patterns, and enablement
Requirements:
- 5+ years in IT or Cybersecurity
- 2+ years in Application Security Engineering or DevSecOps
- Experience with threat modeling, AppSec reviews, and CI/CD security integration
- Experience reviewing application logic and data flows for security issues, with the ability to read and interpret source code
- Experience with secure coding practices and common application/API vulnerabilities
- Experience with application security testing and automation tools
- Experience with networking fundamentals (TCP/IP, DNS, HTTP/S)
- Experience with scripting or automation (e.g., Python, PowerShell, Bash)
- Solid understanding of API security concepts and controls