Application Security Engineer
This role conducts comprehensive security reviews and threat modeling across AI-native platforms and data infrastructure, identifying vulnerabilities in applications that power enterprise AI agents, LLM systems, and knowledge graphs. What distinguishes Application Security Engineers from broader security roles is their focus on embedding security into the development lifecycle itself—through code reviews, secure design practices, and CI/CD integration—rather than conducting external assessments alone. These engineers typically sit within dedicated product or application security teams that partner closely with engineering organizations, translating security requirements into developer-friendly practices and tooling that enable teams to ship secure code at scale.
Skills
What companies are looking for in this role.
Performing secure code review and static code analysis to identify vulnerabilities
Conducting threat modeling and security architecture reviews to identify design-level risks
Managing vulnerability identification, triage, prioritization, and remediation workflows
Designing and implementing secure software development lifecycle controls and processes
Architecting and maintaining security automation tooling for CI/CD pipelines
Establishing and implementing secure coding standards and best practices across engineering teams
Supporting regulatory compliance frameworks and audit processes across multiple standards
Evaluating and implementing software supply chain security measures including SBOM management
Collaborating with infrastructure and DevOps teams to build secure cloud and containerized environments
Responding to security incidents and providing technical analysis during breach response
Writing and reproducing proof-of-concept exploits to validate security findings
Managing bug bounty programs and coordinated vulnerability disclosure processes
Securing AI and machine learning systems including threat modeling for LLM architectures and training data pipelines
Designing security controls for AI agents and novel AI system attack surfaces
Implementing security controls for emerging AI-powered applications and infrastructure
Securing model deployment and protecting trained models on hardware platforms
Collaborating cross-functionally with product, engineering, and infrastructure teams to embed security early
Mentoring and educating engineers on secure coding practices and security architecture
Translating security requirements into actionable development tasks and mitigation strategies
Communicating security findings and risks to both technical and executive stakeholders
Thinking like an attacker while maintaining a builder mentality for secure solutions
Building developer-friendly security tools and libraries to reduce friction in secure coding
Operating with ownership mindset to drive security initiatives from conception to completion
Prioritizing security risks based on exploitability and real-world impact rather than textbook rules
Technology
The tools and technologies that define this role.
Open Jobs
29 open Application Security Engineer jobs across 21 companies.
Other Security roles
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Builds detection systems, investigates security incidents, and leads incident response efforts.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.
Designs and maintains identity infrastructure, authentication systems, and access control policies.