Apply Now

Application Security Engineer

Remote • Posted 1 hour ago • Updated 1 hour ago

Contract W2

Remote

$70 - $75/hr

Fitment

Dice Job Match Score™

🧠 Analyzing your skills...

Job Details

Skills

ServiceNow
OWASP
ACL
GraphQL
Java
JavaScript

Summary

Job Summary:

You will join the Global Security Support Center (GSSC) Application Security team, which is responsible for managing the entire lifecycle of security findings reported by customers and penetration testers. This is a hands-on role that requires a deep understanding of security issues. You will triage real vulnerability reports, configure the ServiceNow instance to reflect the customer's setup, communicate directly with enterprise customers, and dive into the platform-level code to validate and assess security concerns.
As a trusted security advisor, you will handle high-impact security vulnerabilities, investigate internal systems for duplication or remediation plans, and track security issues in collaboration with engineering teams. You will also demonstrate risk levels to implement appropriate risk mitigation controls.

What You'll Do:

Triage security findings submitted via customer channels validate exploitability, assess scope, assess risk, and determine remediation path.
Analyze platform-level vulnerabilities across web, API, and server-side attack surfaces (SSRF, IDOR, blind query injection, SQLi, XSS, GraphQL abuse, privilege escalation, etc).
Write customer-facing security assessments technically enough to satisfy CISO, clear enough for an account team to deliver.
Coordinate with engineering on defect filing, backport decisions, and patch validation.
Reproduce and verify reported vulnerabilities in lab environments (PDI/cloud instances/Local).
Review code (JavaScript/Java) to trace attack paths and validate fix completeness.

Skills: Required:

Comfortably navigate a ServiceNow instance and reason about security in the Now Platform context.
Understand key platform mechanisms: ACLs/roles, scoped apps, business rules, scripted REST APIs, and data access patterns (GlideRecord/Table API).
Mirror a customer scenario in a lab tenant to reproduce and validate reported issues.
Trace the relevant server-side/client-side code path and clearly communicate scope and impact (what is and isn't affected).
3+ years in application security pentesting, bug bounty, or product security engineering.
Strong working knowledge of OWASP Top 10 and beyond: prototype pollution, server-side injection, SSRF, IDOR, GraphQL attack surface.
Ability to read and trace code across JavaScript and Java codebases
Experience writing technical security reports for both engineering and executive audiences.
CVSS scoring fluency not just the number, but the reasoning

Nice to Have:

Advanced ServiceNow platform experience (e.g., custom app development or deep familiarity with the ACL model and scoping boundaries)
Background in customer-facing security roles or managed security services
Familiarity with bug bounty programs (HackerOne, Bugcrowd) from the triage side
Security certifications (GWEB, GWAPT, OSCP, or equivalent)

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: 90941473
Position Id: 8965967
Posted 1 hour ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Sr.ApplicationSecurityEngineer

Remote

•

Today

Sr. Application Security Engineer (Remote role) Seeking an Application Security professional with experience triaging and validating security vulnerabilities across web, API, and server-side platforms. Responsibilities include reproducing customer-reported issues, assessing exploitability and risk, reviewing JavaScript/Java code, coordinating remediation with engineering teams, and preparing technical security assessments for both technical and executive audiences. Required Skills: 10+ years in

Easy Apply

Contract

$85 - $95

Application Security Engineer

Remote

•

Today

About the Role: You will join the Global Security Support Center (GSSC) Application Security team, which is responsible for managing the entire lifecycle of security findings reported by customers and penetration testers. This is a hands-on role that requires a deep understanding of security issues. You will triage real vulnerability reports, configure the Client instance to reflect the customer's setup, communicate directly with enterprise customers, and dive into the platform-level code to val

Easy Apply

Contract

Depends on Experience

Senior Application Security Engineer

Remote

•

Today

A global energy company is looking to bring on a hands on a Senior Application Security Engineer to be part of a team building out their AppSec program from the ground up. This role is highly technical, and requires candidates with previous experience working in OT and/or embedded/software product environments. You'll perform code reviews, conduct SAST/DAST/SCA scans, identify vulnerabilities in software, firmware, and OT systems, while supporting product security incident response activities. Y

Easy Apply

Contract

$70 - $85

Senior Application Security / Product Security Engineer

Remote

•

Today

Easy Apply

Contract

$70 - $90

Search all similar jobs