Russell Tobin is a global tech company looking to hire an Application Security Engineer. The role involves triaging and validating customer-reported security vulnerabilities, analyzing codebases for security issues, and preparing security assessments for various audiences.
Responsibilities:
- Triage and validate customer-reported security vulnerabilities across web, API, and server-side attack surfaces
- Reproduce reported issues in lab environments and assess exploitability, risk, and remediation paths
- Analyze JavaScript and Java codebases to trace attack paths and validate security fixes
- Partner with engineering teams on defect tracking, patch validation, and remediation strategies
- Prepare clear, customer-facing security assessments for both technical and executive audiences
Requirements:
- 3+ years of experience in application security, penetration testing, bug bounty programs, or product security engineering
- Strong knowledge of OWASP Top 10 vulnerabilities including SSRF, IDOR, SQL injection, XSS, GraphQL abuse, and privilege escalation
- Hands-on experience with ACLs, scripted REST APIs, business rules, scoped apps, and data access patterns
- Ability to analyze and trace JavaScript and Java code, with strong technical reporting and CVSS scoring expertise