Hampton North is a cloud-native SaaS company in the financial services space, seeking an Application Security Engineer to join their security engineering team. The role involves managing vulnerability assessments, developing security programs, and collaborating with product and development teams to enhance application security.
Responsibilities:
- Monitor and analyze security alerts and vulnerability reports; prioritize, validate, and drive timely remediation
- Maintain and optimize SAST/DAST scanning infrastructure to ensure thorough application security coverage across the environment
- Design, implement, and evolve ASPM capabilities, integrating signals from SAST, DAST, SCA, and runtime telemetry, and defining risk scoring models that account for exploitability, data sensitivity, and business impact
- Own the bug bounty program end-to-end: strategy, scope definition, triage, validation, severity assessment, and ongoing researcher engagement
- Manage third-party penetration tests and vulnerability assessments, coordinating response to findings
- Conduct architectural and code reviews in cross-functional collaboration, delivering concrete remediation guidance
- Develop and maintain application threat models to support proactive risk posture management
- Support incident response activities across identification, containment, and resolution of application security events
- Stay current on emerging threats and translate that intelligence into actionable guidance for engineering and product teams
- Contribute to risk management, compliance audits, and client-facing security communications
Requirements:
- 3+ years in application security engineering or security-focused software engineering
- 3+ years of hands-on vulnerability identification and qualification in web, financial services, or mobile environments
- Proficiency reading and auditing source code across TypeScript, JavaScript, C#, Java, or Swift for security issues
- Strong working knowledge of OWASP Top 10, CWE, and CVSS scoring
- Hands-on experience with vulnerability platforms such as Veracode, Qualys, Rapid7, or Burp Suite
- Solid understanding of authentication and authorization protocols: SAML, OAuth 2.0, and JWT
- Familiarity with cryptographic standards including encryption, hashing, and authentication lifecycle management
- Experience with AWS and Git in a professional environment
- Bachelor's degree in Computer Science, Cybersecurity, MIS, or equivalent experience