Overview
On Site
$70,000 - $135,000
Full Time
Skills
Amazon EC2
Communication
Computer Networking
Java
LAMP
Linux
Load Balancing
Amazon RDS
Amazon S3
Amazon Web Services
Articulate
Artificial Intelligence
MEAN Stack
Machine Learning (ML)
Migration
Mobile Applications
Network Design
Privacy
Python
Remote Desktop Services
Research
Routing
Ruby
OS X
OWASP
Objective-C
PHP
Penetration Testing
Perl
Presentations
Stacks Blockchain
TCP/IP
TLS
Testing
Threat Modeling
Unix
SSL
Scripting Language
Security QA
Software Architecture
Software Security
Vulnerability Management
Web Applications
Web Testing
Job Details
Job Description
Specialized expertise in application security testing, secure architecture, and vulnerability management across a variety of enterprise environments.
Key Responsibilities
- Perform manual web application and mobile penetration testing.
- Identify, validate, and prioritize vulnerabilities, delivering actionable remediation and migration recommendations.
- Conduct code-assisted reviews, architecture assessments, and threat modeling exercises.
- Research emerging vulnerabilities, exploit techniques, and security technologies to proactively improve defenses.
- Develop and deliver clear, comprehensive reports and presentations for technical and non-technical audiences.
- Assess and secure applications and services that incorporate AI/ML models or LLM-based functionality.
- Evaluate AI system components (data ingestion, model APIs, inference endpoints) for security and privacy risks.
Required Qualifications:
- 5+ years of experience as an Application Security Engineer, Principal Security Consultant, or Senior Penetration Tester in an enterprise environment.
- Proven experience manually testing web applications and performing enterprise-level penetration testing.
- Strong understanding of Web and Mobile application security testing, methodologies, and common vulnerabilities.
- Proficiency in at least one scripting language (Python, Perl, Ruby, PHP) and one programming language (Java, Objective-C).
- Proficiency with Mac OS X and/or UNIX/Linux systems.
- General understanding of secure network architecture and design, including segmentation, ACLs, and secure communication protocols.
- General knowledge of common web technology stacks (LAMP, LEMP, MEAN, etc.) and their associated security considerations.
- General understanding of AWS services (EC2, S3, KMS, RDS) and security best practices relevant to those services.
- Ability to explain basic networking concepts (routing, load balancing, SSL/TLS, TCP/IP) to support secure application architecture reviews.
- Ability to ascertain and clearly articulate the size and scope of security assessments and penetration testing engagements.
- Solid understanding of the OWASP Top 10 and CWE Top 25 vulnerabilities (e.g., XXE, XSS, SQLi, SSRF).
- Strong communication skills, both written and verbal, with the ability to convey complex technical issues to diverse audiences.
- Demonstrated passion for continuous learning, vulnerability research, and staying ahead of evolving threat landscapes.