Application Security Engineer II

Abnormal Security

Application Security Engineer II at Abnormal AI building secure AI-powered cybersecurity applications. Leading security architecture reviews, mentoring engineers, and integrating security in software development.

Posted 5/22/2026full-timeRemote • 🇺🇸 United StatesMid-LevelSenior💰 $130,100 - $187,000 per yearWebsite

Tech Stack

Tools & technologies

CloudGoJavaJavaScriptLinuxMicroservicesPythonTypeScript

About the role

Key responsibilities & impact

Lead threat modeling and security architecture reviews with engineering teams by translating security risks into development actions.
Architect, build, and maintain security tooling and integrations that enable secure development workflows (e.g., SAST, DAST, SCA, IAST tools).
Collaborate with Engineering, DevOps, and Platform teams to build scalable security controls via Infrastructure-as-Code and secure CI/CD pipelines.
Design and deploy automated security testing frameworks to identify vulnerabilities early in the development process.
Serve as a hands-on technical contributor during security incidents by analyzing application-level behavior and enhancing response processes.
Mentor and support junior engineers on secure coding practices, security architecture, and security tooling integrations.
Evaluate and uplift application security tooling across commercial and open-source capabilities by focusing on scale, efficiency, and precision.
Define and track key security posture metrics, building dashboards or reports to visualize security coverage and vulnerability trends.
Partner with engineering teams to implement and maintain security controls across applications and services.
Stay current with emerging AI/ML security threats, evaluating them for business applicability and integration.

Requirements

What you’ll need

4 - 6 years' proven experience in application security engineering roles, ideally in cloud-native environments with modern development practices.
Hands-on experience with security testing tools (SAST, DAST, SCA, IAST) and working knowledge of security automation in CI/CD pipelines.
Strong programming skills in Python, Go, Java, or JavaScript/TypeScript; proficiency with Git, Linux, and modern development frameworks.
Expertise in web application security including OWASP Top 10, authentication/authorization, cryptography, and secure API design.
Experience with threat modeling frameworks (STRIDE, PASTA, LINDDUN) and security architecture review processes.
Comfortable investigating application logs, tracing security events, and contributing to incident analysis workflows.
Proven ability to influence and collaborate cross-functionally with engineering, DevOps, and product teams.
Strong written communication and documentation skills and being able to convey complex security concepts clearly.
Background with securing modern application architectures including microservices, containers, and cloud-native applications.

Benefits

Comp & perks

Actual compensation will be determined based on several non-discriminatory factors including skills, experience, qualifications, and geographic location.
In addition to base salary, this role may be eligible for bonus or incentive compensation, equity, and a comprehensive benefits package.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

application security engineeringsecurity testing toolsSASTDASTSCAIASTPythonGoJavaJavaScript

Soft Skills

mentoringcollaborationinfluencewritten communicationdocumentationproblem-solvinganalytical skillscross-functional teamworktechnical contributionsecurity concept communication