Lead Application Security Engineer
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Lead Application Security Engineer based in United States.
This role offers the opportunity to shape application security practices within a highly innovative, AI-driven technology environment.
The Lead Application Security Engineer will help embed security throughout the software development lifecycle by building scalable, automated, and intelligent security solutions.
You will collaborate with engineering, product, DevOps, QA, and AI platform teams to identify risks and strengthen security capabilities.
The position focuses on proactive defense, secure-by-design practices, threat modeling, vulnerability management, and security automation.
You will influence security maturity by introducing modern approaches to application protection and AI-enabled risk analysis.
This is a high-impact role for an experienced security professional who enjoys solving complex challenges and enabling teams to innovate securely.
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Lead Application Security Engineer based in United States.
This role offers the opportunity to shape application security practices within a highly innovative, AI-driven technology environment.
The Lead Application Security Engineer will help embed security throughout the software development lifecycle by building scalable, automated, and intelligent security solutions.
You will collaborate with engineering, product, DevOps, QA, and AI platform teams to identify risks and strengthen security capabilities.
The position focuses on proactive defense, secure-by-design practices, threat modeling, vulnerability management, and security automation.
You will influence security maturity by introducing modern approaches to application protection and AI-enabled risk analysis.
This is a high-impact role for an experienced security professional who enjoys solving complex challenges and enabling teams to innovate securely.
Accountabilities:
- Lead AI-assisted threat modeling and security validation across applications, APIs, cloud environments, data platforms, and AI/ML systems.
- Perform and enhance automated security reviews using tools such as SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and container security solutions.
- Partner with engineering teams to integrate security testing, automated controls, and risk detection capabilities into CI/CD pipelines.
- Build scalable security automation, reusable controls, and policy-as-code solutions that enable secure development practices.
- Analyze emerging application, cloud, API, and AI security threats, including risks related to prompt injection, data poisoning, model abuse, and sensitive data exposure.
- Support proactive defense initiatives through vulnerability analysis, threat intelligence, attack pattern evaluation, and security improvement programs.
- Develop secure coding guidance, documentation, playbooks, and enablement resources to promote security awareness across engineering teams.
- Collaborate with cross-functional stakeholders to improve security metrics, remediation processes, and overall security maturity.
- Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent professional experience.
- 5+ years of experience in Application Security, DevSecOps, Security Engineering, or Secure Software Development.
- Strong knowledge of OWASP Top 10, SANS CWE Top 25, secure design principles, and application threat modeling.
- Experience with AI/ML security concepts, including prompt injection, adversarial testing, model integrity, and AI supply-chain risks.
- Experience creating or integrating AI-assisted security workflows, automation solutions, security bots, or risk scoring systems.
- Hands-on experience with security testing and automation tools such as Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security, or similar platforms.
- Knowledge of modern application architectures, including React, Node.js, Django, FastAPI, APIs, microservices, authentication, and authorization mechanisms such as OAuth2, OIDC, and JWT.
- Experience securing cloud environments such as AWS, GCP, or Azure, along with containerized technologies including Docker and Kubernetes.
- Ability to analyze security findings, prioritize risks, and provide actionable remediation recommendations.
- Strong communication, collaboration, and problem-solving skills with the ability to work effectively across technical and business teams.
- Preferred experience with policy-as-code, infrastructure-as-code security, CI/CD security controls, security automation frameworks, or relevant certifications such as OSCP, GWAPT, CSSLP, cloud security certifications, or AI security certifications.
- Competitive salary range of $140,000 - $180,000 USD, depending on location and experience.
- Unlimited paid time off policy.
- Comprehensive medical, dental, and vision insurance coverage.
- Employee equity opportunities.
- Employee discounts and additional wellness benefits.
- Virtual wellness classes and pet insurance options.
- Opportunity to work remotely while contributing to innovative security initiatives.
- Collaborative environment focused on inclusion, trust, and professional growth.
The Lead Application Security Engineer will be responsible for advancing application security capabilities by integrating automation, AI-driven practices, and secure engineering principles across technology teams. This role combines strategic security leadership with hands-on engineering execution to reduce risks, improve developer workflows, and strengthen the organization’s security posture.
Requirements:
The ideal candidate is an experienced application security professional with strong technical expertise in secure software development, automation, and modern cloud environments. You should be comfortable working across engineering teams, translating security risks into practical solutions, and driving security improvements at scale.