Application Security Engineer (Remote, US)

Jobgether • United States
Remote
AI Summary

Seeking an Application Security Engineer to embed security throughout the SDLC in cloud-native environments. This role involves offensive and defensive practices, vulnerability management, and secure design. Requires 5+ years of experience, strong OWASP knowledge, and cloud security expertise.

Key Highlights
Embed security into all stages of the software development lifecycle.
Combine offensive and defensive security practices.
Work with modern cloud-native environments and enterprise-scale systems.
Technical Skills Required
SAST, DAST, IAST, SCA, secret scanning, CI/CD, WAF, RASP, Kubernetes, OWASP Top 10
Benefits & Perks
100% remote work opportunity within the continental United States
Competitive compensation package
Full-time direct W2 employment
Comprehensive medical, dental, and vision insurance coverage
H1B transfer support available
Nice to Have
Offensive Security OSCP, OSCE, GWAPT, or CISSP certifications
Familiarity with offensive security operations
Familiarity with bug bounty programs
Familiarity with AI/LLM security risks
Familiarity with regulated environments

Job Description


This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Application Security Engineer in the United States.

This role is ideal for a security-focused engineer passionate about embedding security into every stage of the software development lifecycle. You will work closely with engineering, infrastructure, and platform teams to strengthen application security across modern cloud-native environments. The position combines offensive and defensive security practices, allowing you to influence secure design, vulnerability management, and incident response initiatives. You’ll play a key role in improving secure development standards, reducing production risk, and enabling developers to build secure software efficiently. The environment is collaborative, fast-paced, and highly technical, offering opportunities to work on enterprise-scale systems while shaping long-term security strategy and best practices. This fully remote opportunity provides strong career growth and exposure to cutting-edge application security technologies and methodologies.

Accountabilities

  • Conduct threat modeling exercises and security architecture reviews for new and existing applications and services.
  • Perform manual code reviews and collaborate directly with engineering teams to harden applications and improve secure coding practices.
  • Implement and manage security testing tools including SAST, DAST, IAST, SCA, and secret-scanning solutions integrated into CI/CD pipelines.
  • Drive vulnerability management processes including triage, prioritization, remediation tracking, and SLA enforcement.
  • Design and promote secure-by-default frameworks, libraries, and development patterns for engineering teams.
  • Lead red-team and purple-team exercises to identify application weaknesses and coordinate remediation efforts.
  • Implement runtime protections such as WAF, RASP, abuse detection, and bot mitigation mechanisms.
  • Define and enforce secure authentication, authorization, session management, and cryptographic standards.
  • Partner with infrastructure and platform teams to secure containerized, Kubernetes, and cloud-based environments.
  • Develop and deliver security awareness training, onboarding materials, and secure development guidance for engineering teams.
  • Participate in security incident response related to application vulnerabilities and emerging threats.
  • Maintain comprehensive technical documentation including architecture diagrams, operational procedures, and security standards.
  • Stay informed on emerging vulnerabilities, exploit techniques, and evolving application security tooling.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related technical discipline.
  • 5+ years of experience in application security, product security, or security engineering roles.
  • Strong knowledge of the OWASP Top 10 and common web application vulnerability patterns.
  • Hands-on experience reviewing code across multiple programming languages and technology stacks.
  • Deep familiarity with SAST, DAST, SCA, IAST, and CI/CD-integrated security tooling.
  • Strong understanding of authentication, authorization, encryption, and secure session management principles.
  • Experience securing cloud-native and containerized infrastructures.
  • Proficiency in at least one programming or scripting language for automation and tooling development.
  • Strong communication and collaboration skills with both technical and non-technical stakeholders.
  • Experience working in Agile software development environments alongside engineering teams.
  • Certifications such as Offensive Security OSCP, OSCE, GWAPT, or CISSP are considered a plus.
  • Familiarity with offensive security operations, bug bounty programs, AI/LLM security risks, or regulated environments is advantageous.

Benefits

  • 100% remote work opportunity within the continental United States.
  • Competitive compensation package based on experience and qualifications.
  • Full-time direct W2 employment with long-term project stability.
  • Comprehensive medical, dental, and vision insurance coverage.
  • Opportunity to work on modern cloud-native and enterprise-scale applications.
  • Exposure to advanced security tooling, DevSecOps practices, and secure engineering initiatives.
  • Collaborative and innovation-driven engineering culture.
  • Career development opportunities through mentorship, technical ownership, and continuous learning.
  • H1B transfer support available for qualified candidates currently holding valid H1B status.

How Jobgether Works

We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Why Apply Through Jobgether?

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.

