North is a US-based company seeking an Associate Application Security Engineer to join their security team. The role involves defending cloud infrastructure and web applications, conducting vulnerability assessments, and collaborating with engineering teams to enhance security measures.
Responsibilities:
- Application protection and defense: recommend configuration changes, adjustments, and enhancements for web application protection controls, and monitor for and report on abnormal events
- Coordinate with application and infrastructure teams to ensure effective protections and responses
- Conduct application assessments and security tests together with the testing team. Maintain, add, enhance, and expand the scope of application assessments and penetration tests
- Use augmented instruments and tools for application assessments and evaluations
- Document, triage, and track vulnerabilities and exposures, and assist and advise on remediation
- Identify and track risks and exposures, create leads for assessments
- Document and maintain operational processes and procedures
Requirements:
- Bachelor of Science in Cybersecurity, Computer Science, or an allied technical discipline, complemented by equivalent professional expertise
- Experience with web vulnerabilities, web attack paths, and web vulnerability remediation in modern web frameworks
- Experience with cloud platforms (AWS, Azure, GCP) and their native security tools
- Experience with security testing tools such as Burp Suite, Nmap, Metasploit, and security testing distributions such as Kali Linux
- Experience with data analysis and SIEM tools (e.g., Grafana, OpenSearch, CS NextGen SIEM) for log analysis and monitoring
- Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs)
- Basic scripting knowledge using Python, Bash, and PowerShell
- Comfortable using terminals, scripting, and automation for WAF automation use-cases
- Ability to translate complex technical vulnerabilities, threat impact, and remediation urgency into actionable, risk-prioritized reports for both technical and non-technical stakeholders
- Relevant industry certifications and qualifications (e.g., CompTIA Security+, CEH, OSCP, or equivalent) are a plus
- Experience executing penetration testing aligned with OWASP Top 10 standards and modern browser security baselines
- Experience partnering with engineering teams on vulnerability remediation, including CSP rules, secure CORS origins, and HSTS enforcement
- Experience developing novel testing methodologies to bypass or harden application-layer defenses
- Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines
- Ability to refine automated security tools to reduce false positives and ensure continuous monitoring of critical web assets
- Experience conducting security research and threat intelligence to advance organizational defenses
- Knowledge of hardened security configurations including CSP rules, secure CORS origins, and strict HSTS enforcement