What are the responsibilities and job description for the Application Security Engineer position at Baldwin Group Colleague, Inc.?
Position Summary:
We are seeking a motivated Application Security Engineer to join our cybersecurity team. This role will focus on improving the security of our applications through code reviews, secure development guidance, threat modeling, and vulnerability management. You’ll collaborate closely with development and DevOps teams to integrate security practices into the software development lifecycle (SDLC) and help ensure compliance with industry standards and best practices.
Key Responsibilities:
- Conduct application security assessments, including code reviews, static (SAST), dynamic (DAST), and software composition analysis (SCA).
- Perform threat modeling and risk assessments to identify potential security threats across web, mobile, and API-based applications.
- Collaborate with development and DevOps teams to design and implement secure coding practices and application security controls.
- Support the integration of automated security testing tools into CI/CD pipelines.
- Assist in developing and maintaining secure coding guidelines, frameworks, and best practices.
- Provide security-focused guidance during the design and development of new features, services, and applications.
- Help investigate and respond to application security incidents and vulnerabilities.
- Stay current with emerging application security threats, vulnerabilities, and technologies.
- Assist in delivering application security training and awareness sessions to development teams.
- Contribute to the development and enforcement of application security policies, standards, and guidelines.
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience.
- 3-5 years of experience in application security, software development, or a related technical field.
- Solid understanding of web and mobile application architectures, API security, and common vulnerabilities (e.g., OWASP Top 10).
- Experience with security assessment tooling across the SAST, DAST, and SCA categories.
- Proficiency in at least one programming or scripting language (e.g., Java, Python, JavaScript, C#, Go).
- Familiarity with secure coding practices, frameworks, and design patterns.
- Knowledge of authentication and authorization standards and token formats such as OAuth 2.0, JWT, and SAML.
- Exposure to cloud environments (AWS, Azure, or GCP) and understanding of cloud application security basics.
- Strong analytical and problem-solving skills with a security mindset.
- Excellent communication and collaboration skills to work effectively with cross-functional teams.
Preferred Qualifications:
- Experience building or tuning CI/CD pipelines with integrated security testing.
- Familiarity with regulatory standards and compliance frameworks (PCI DSS, HIPAA, GDPR) related to application security.
- Knowledge of threat modeling methodologies (e.g., STRIDE) or experience performing them.
- Participation in bug bounty programs or offensive security exercises is a plus.
- Relevant certifications such as CSSLP, GWAPT, OSWE, or similar.
IMPORTANT NOTICE:
This position description is intended to describe the level of work required of the person performing in the role and is not a contract. The essential responsibilities are outlined; other duties may be assigned as needs arise or as required to support the organization. All requirements may be subject to reasonable accommodation to applicants and colleagues who need them for medical or religious reasons.
The Baldwin Group will not accept unsolicited resumes from any source other than directly from a candidate who applies on our career site. Any unsolicited resumes sent to The Baldwin Group, including unsolicited resumes sent via any source from an Agency, will not be considered and are not subject to any fees for any placement resulting from the receipt of an unsolicited resume.