TL;DR
Application Security Engineer: Supporting the security of web applications and APIs by identifying and remediating application security risks, and supporting secure development practices. Focus on secure CI/CD pipelines, vulnerability management, and automating security processes.
Location: Remote, United States
Salary: $76,000 - $95,000
Company
hirify.global exists to propel every doer of good to their peak impact.
What you will do
- Integrate application security best practices into the software development lifecycle (SDLC), including secure coding guidance.
- Support secure CI/CD pipelines by collaborating with DevOps and cloud teams on existing security controls and workflows.
- Identify, assess, and help prioritize vulnerabilities in web and API-based applications, providing guidance to engineering teams on remediation.
- Perform manual web application penetration tests and application code reviews as needed.
- Track and manage application security findings, supporting remediation efforts and verification of fixes.
- Develop and implement scripts and workflows to streamline operations and reduce manual effort, and assist with documenting secure coding standards.
Requirements
- 3+ years of experience in application security, product security, or secure software development.
- Experience with manual web application penetration testing and securing modern web applications and APIs.
- Strong understanding of web application vulnerabilities, their root causes, and common remediation approaches.
- Ability to review application source code as needed to support vulnerability triage and testing activities.
- Proficiency in at least one programming language (e.g., Java, Python, JavaScript/TypeScript, C#, or Go).
- Experience working with CI/CD pipelines and modern development workflows.
- Familiarity with security testing tools such as SAST, DAST, and SCA.
- Strong communication skills and ability to work collaboratively with engineering teams.
Nice to have
- Exposure to threat modeling concepts and secure design practices.
- Previous software development or application design experience.
- Familiarity with cloud environments and basic AWS security concepts.
- Basic knowledge of identity and access management concepts (OAuth, OIDC, JWT).
- Exposure to PCI DSS or regulated environments.
Culture & Benefits
- Fostering an inclusive, equitable culture where every team member belongs and contributes to meaningful impact.
- Comprehensive benefits package that supports your health, well-being, and growth.