Remote Application Security Engineer

at Nerdy

Posted 2 days ago 2 applied

Description:

  • We are seeking an experienced Application Security Engineer to serve as a trusted partner to our software development teams.
  • This role focuses on making our product secure by design, embedding security into how software is architected, written, deployed, and maintained.
  • The position centers on application-layer and code-level security, working closely with developers to enable fast, confident delivery by providing meaningful, actionable security tooling and feedback.
  • Responsibilities include leveraging modern AI-assisted techniques to accelerate vulnerability analysis, exploit chaining, and demonstration of actual risk.
  • You will ensure engineering teams move faster while minimizing noise, prioritizing guardrails embedded in developer workflows over enforcement gates.

Requirements:

  • Experience as an Application Security Engineer, Security Consultant, or Security-focused Software Engineer is required.
  • A strong understanding of secure coding practices and common vulnerability patterns is necessary.
  • The ability to apply common web application attack techniques and create proof-of-concept exploits to validate whether vulnerabilities are exploitable in our environment is essential.
  • Proven ability to analyze exploit chains and demonstrate actual risk, leveraging AI to accelerate discovery and validation, is required.
  • Hands-on experience integrating security tooling into CI/CD pipelines is necessary.
  • Familiarity with Ruby, Go, JavaScript/React, and related frameworks is required.
  • Deep familiarity with OWASP guidance, including the OWASP Top 10, Application Security Verification Standard (ASVS), and Secure Coding Guidelines, is essential.
  • The ability to partner with DevOps to embed application security into CI/CD pipeline design and practices is required.
  • You must be able to assess and communicate application risk in architectural and business context.
  • Comfort demonstrating real-world exploits to technical and non-technical stakeholders is necessary.
  • Excellent written and verbal communication skills in an async-first, remote environment are required.
  • Preferred qualifications include experience leveraging and adapting open-source tools and frameworks for application security testing and validation, experience with API security testing and continuous monitoring, and experience building or maintaining secure development training programs.
  • Security certifications (OSWE, OSCP, GIAC) are a plus but not required.

Benefits:

  • Enjoy competitive USD compensation, with a market-leading rate paid in U.S. dollars.
  • Work 100% remotely from anywhere in your home country—no relocation required, no borders crossed.
  • Our flexible PTO allows you to recharge on your own terms and when you need it the most.
  • We honor your nation’s official holidays with paid time off, allowing you to celebrate what matters to you.
  • Get a free, all-inclusive learning membership for you and your household, including 1-on-1 tutoring hours, unlimited on-demand classes, and access to our full suite of learning products and services.
  • Gain exclusive access to cutting-edge AI tools that boost your productivity.
  • Benefit from a feedback-rich, collaborative culture with regular training, peer reviews, and a team that treats every member as a vital collaborator and owner in our success.
  • Your expertise will fuel an innovative platform used by learners around the world, allowing you to be part of something transformative.
