
Application Security Engineer
First Stop Health
full-time
Posted on:
Location Type: Remote
Location: Illinois • United States
About the role
- Responsible for designing, implementing, and maintaining application security practices across the organization
- Partner closely with engineering, DevOps, and the broader Information Security team
- Embed security into the software development lifecycle (SDLC)
- Ensure applications are resilient against evolving threats
- Apply deep knowledge of application security architecture and design principles
- Review application architectures to identify security risks and recommend appropriate controls and mitigation strategies
- Design and implement secure coding standards, guidelines, and patterns aligned with industry best practices
- Lead and support the implementation of a secure SDLC
- Ensure security requirements are consistently applied across cloud, web, mobile, and API-based applications
- Perform and facilitate threat modeling exercises with development teams
- Conduct risk assessments and provide actionable guidance to reduce application-level security risk
- Lead application security assessments, including static and dynamic analysis, architecture reviews, and manual testing
- Perform and oversee code reviews to identify security vulnerabilities and design flaws
- Serve as a trusted security advisor to development teams
- Develop and deliver security training and awareness content for developers and technical stakeholders
- Monitor relevant threat intelligence sources related to application and software supply chain risks
Requirements
- Preferred Bachelor’s degree or equivalent practical experience
- Preferred Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP), etc.
- 5 - 8 years in information security, IT, or related technical roles
- Strong understanding of application security architecture, design principles, and secure coding practices
- Experience securing CI/CD pipelines and DevOps workflows
- In-depth knowledge of security best practices and industry standards (e.g., OWASP Top 10, CWE, NIST, ISO-aligned controls)
- Experience implementing and operating a secure SDLC in modern development environments
- Ability to conduct complex security assessments, including manual code reviews and architecture analysis
- Experience leading security assessments and penetration testing engagements
- Working knowledge of threat modeling methodologies and risk assessment techniques
- Strong knowledge of security principles and technologies (e.g., encryption, authentication, firewalls, IDS/IPS, incident response, EDR, etc.)
- Hands-on experience with SAST, DAST, SCA technologies such as Snyk, GitHub Advanced Security, etc.
- Familiarity with cloud platforms (AWS, Azure, or GCP) and associated security features and configurations
- Understanding of regulatory standards (GDPR, HIPAA, PCI-DSS, ISO 27001) and how they impact operations
- Strong analytical and problem-solving skills; able to identify risks and propose effective mitigations
- Excellent communication and collaboration skills
Benefits
- health and medical coverage options
- dental and vision coverage
- disability and life coverage
- medical waiver allowance
- remote-first work environment
- flexible paid time off, including Summer Fridays
- employer match 401k plan
- monthly phone stipend
- First Stop Health membership benefit
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
application security, secure coding practices, security assessments, penetration testing, threat modeling, risk assessment, static analysis, dynamic analysis, CI/CD security, secure SDLC
Soft Skills
analytical skills, problem-solving skills, communication skills, collaboration skills, leadership skills, advisory skills, training skills, guidance skills, organizational skills, interpersonal skills
Certifications
Security+, Certified Application Security Engineer (CASE), Certified Secure Software Engineer Lifecycle Professional (CSSLP)