What are the responsibilities and job description for the Application Security Engineer position at ZRG Careers?
Locations are: Boca Raton, FL / Seattle, WA / Woodbury, MN
Please only apply if you are currently near one of these locations.
The Application Security Engineer will report to the Staff Security Engineer and will be responsible for advancing application security capabilities as part of a DevSecOps operating model. This role focuses on embedding security controls, automation, and secure development practices directly into the software delivery lifecycle for cloud-based applications.
The Application Security Engineer will partner closely with software engineering, DevOps, and cloud teams to shift security left, improve vulnerability detection and remediation workflows, and reduce risk without slowing delivery. This position emphasizes hands-on application security engineering, security tooling integration, and developer enablement across applications deployed in AWS and Azure environments.
QUALIFICATIONS
• Bachelor’s degree in Computer Science, Information Systems, Engineering, or a related field
• 3–5 years of experience in application security, security engineering, or software engineering with a strong security focus
• Hands-on experience performing code reviews and application security testing across modern languages, frameworks, and APIs
• Experience working with application security tools such as SAST, DAST, and dependency scanning (e.g., GitHub Dependabot or similar)
• Strong understanding of OWASP Top 10, secure coding principles, authentication/authorization, and API security
• Practical experience supporting applications running in AWS and/or Azure cloud environments
• Familiarity with CI/CD pipelines, DevOps workflows, and DevSecOps concepts
• Ability to communicate security risks and remediation guidance clearly to developers and non-security stakeholders
• Strong analytical skills with the ability to balance security risk with delivery velocity
Preferred certifications include:
Security+, CSSLP, GWAPT, GWEB, CEH, or other application security–focused certifications