Security engineer, application security
Writer
Cloud
Security engineer, application security
Writer
full-time
Posted on:
Origin: • 🇺🇸 United States • California
Visit company websiteJob Level
SeniorLead
Tech Stack
Cloud
About the role
- About this role: WRITER is seeking an Application Security Engineer with deep expertise in AppSec, DevSecOps automation, and red team operations to secure our AI and AGI applications.
- Build pipeline security (pre-deployment phase) — security gates and checks in CI/CD; container scanning in build phase; vulnerability discovery.
- Conduct advanced application penetration testing on AI applications, APIs, and model endpoints.
- Automate security testing at scale with SAST, DAST, and SCA.
- Lead application-layer red team exercises.
- Hunt and validate vulnerabilities; provide remediation guidance.
- Advise on security architecture; collaborate across Cloud/Infrastructure, AI Security, and Detection & Response.
- Is this you? — 8+ years in app security; 5+ years pentesting; etc.
- Describe your fit with WRITER values (Connect, Challenge, Own).
Requirements
- 8+ years in application security, with a strong focus on hands-on testing.
- 5+ years conducting penetration tests and security assessments.
- Proven record of finding and exploiting critical vulnerabilities.
- Deep experience integrating security into DevOps workflows and CI/CD pipelines.
- Strong programming skills for exploit development and security automation.
- Expertise in web application and API security, including cloud-native architectures.
- Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts).
- Skilled in SAST, DAST, and SCA tools.
- Strong understanding of application-layer attack techniques and exploitation.
- Experience with supply chain security and build pipeline hardening.
- Demonstrated ability to identify vulnerabilities others miss.
- Proven track record of automating security testing in fast-paced development cycles.
- Ability to translate red team findings into concrete defensive measures.
- History of effective collaboration with engineering teams.
- Background in software development or DevOps.
- Experience testing AI/ML applications.
- Security certifications such as OSCP, OSWE, or GWAPT.
- Published security research or CVEs.
- Experience with purple team operations.
Similar jobs on JobTailor
Staff Penetration Tester
Cloudera
AWSAzureCloudGoogle Cloud PlatformHDFSJavaScriptKubernetesOpen SourcePythonSDLC
Senior Product Security Engineer, Assessments
Coinbase
CloudCyber SecurityGoJavaScriptOpen SourcePythonRubyWeb3
Application Security Architect
WorkWave
AWSAzureCloudDockerGoJavaJavaScriptKubernetesMicroservicesNode.jsPythonSDLC+3 more
Senior Application Security Engineer
Rain
AWSAzureCloudCyber SecurityGoGoogle Cloud PlatformGrafanaJavaScriptKubernetesMicroservicesNode.jsPython+3 more