
Application Security Engineer
Raptor Technologies
full-time
Location Type: Remote
Location: Remote • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
Cloud, Jenkins, ServiceNow
About the role
- Perform application security testing (SAST, DAST, SCA, and manual validation) to identify vulnerabilities in web, API, and SaaS applications
- Validate reported vulnerabilities from internal scans, bug bounty programs, and third-party testing vendors (e.g., NetSPI, Bugcrowd, HackerOne)
- Partner with development and DevOps teams to triage, remediate, and verify fixes for confirmed issues
- Manage and track SLOs for vulnerability response and remediation in alignment with security SLAs
- Configure, optimize, and maintain the latest AppSec tools and integrations, including but not limited to:
  - SAST: Checkmarx, Veracode, GitHub Advanced Security
  - DAST: Burp Suite, Invicti, OWASP ZAP
  - SCA/Dependency Management: Snyk, Mend, or Dependabot
  - Cloud/SaaS Security: Wiz, Orca, Netskope
- Collaborate with DevSecOps to integrate automated testing into CI/CD pipelines
- Maintain dashboards, reports, and KPIs to track open vulnerabilities, SLO compliance, and remediation progress
- Support compliance and audit activities related to application security (SOC 2, ISO 27001, PCI)
- Contribute to secure coding guidelines, security training, and awareness programs for developers
- Stay current on emerging threats, tools, and best practices within the AppSec ecosystem
Requirements
- 5+ years of experience in application security, penetration testing, or secure software development
- Strong understanding of OWASP Top 10, CWE, and common web application vulnerabilities
- Hands-on experience with AppSec toolchains (SAST, DAST, SCA, IAST, and container scanning tools)
- Ability to perform manual testing to confirm and validate automated findings
- Experience with CI/CD pipelines (GitHub Actions, Jenkins, GitLab CI) and security integrations
- Experience tracking and managing vulnerabilities in JIRA, ServiceNow, or similar platforms
- Familiarity with SaaS security, OAuth, and API testing frameworks (Postman, Insomnia)
- Strong documentation, communication, and cross-functional collaboration skills
Benefits
- Remote-first philosophy
- Flexible paid time off
- Paid parental leave
- 11 paid holidays per year
- Workplace flexibility
- Affordable health coverage (medical, dental, vision), with employee-only medical paid 100%
- 401(k) employer contribution to help you plan for the future
- Company-paid life insurance, STD, and LTD
- Pet insurance