Application Security Engineer / 1st hire

A large HR and consulting company is looking for an Application Security Engineer with a strong background in development, code assessments, and pen testing. You'll be the first App Sec hire and oversee the company's internal applications so previous experience in a small security team, overseeing enterprise environments is a big plus. You'll integrate security into the SDLC, conduct security assessments, identify and mitigate vulnerabilities, develop security policies and standards, and lead threat modeling initiatives and risk assessments.

deal candidates have experience with SAST and DAST tooling, conducting code reviews, working closely with development teams, scanning vulnerabilities, and cloud technologies.

This role is fully remote. Required Skills & Experience

• 4+ years of experience in application security
• Deep understanding of security vulnerabilities, including familiarity with OWASP Top 10, SANS CWE, and the CVE database.
• Proficiency with security testing tools such as Burp Suite, OWASP ZAP, or SonarQube.
• Experience with secure development frameworks and methodologies (e.g., DevSecOps, Agile).
• Strong communication skills, capable of explaining complex security concepts to technical and non-technical audiences alike.
• Relevant certifications (e.g., CISSP, CEH, OSCP, CSSLP) are highly desirable.

The Offer
You will receive the following benefits:

• Medical, Dental, and Vision Insurance
• Vacation Time
• Stock Options

#LI-CC4