Application Security Engineer
This role conducts comprehensive security reviews and threat modeling across AI-native platforms and data infrastructure, identifying vulnerabilities in applications that power enterprise AI agents, LLM systems, and knowledge graphs. What distinguishes Application Security Engineers from broader security roles is their focus on embedding security into the development lifecycle itself—through code reviews, secure design practices, and CI/CD integration—rather than conducting external assessments alone. These engineers typically sit within dedicated product or application security teams that partner closely with engineering organizations, translating security requirements into developer-friendly practices and tooling that enable teams to ship secure code at scale.
Skills
What companies are looking for in this role.
Conducting threat modeling and security architecture reviews to identify and mitigate design-level risks
Performing comprehensive code reviews and static analysis to identify security vulnerabilities
Designing and implementing security controls and tooling integrated into CI/CD pipelines
Managing the vulnerability lifecycle, including intake, triage, validation, and remediation coordination
Establishing and maintaining secure coding standards and best practices across engineering teams
Conducting dynamic and static application security testing and analysis
Designing secure defaults and patterns to reduce security issues at the architectural level
Securing cloud-native architectures and containerized deployments
Writing and deploying exploit code and proof-of-concepts to validate vulnerabilities
Developing security features and products that improve customer security posture
Securing APIs and web applications against common attack vectors
Assessing exploitability and prioritizing security findings based on risk rather than CVE scores alone
Managing security incident response and coordinating with operations teams
Operating bug bounty programs and coordinated vulnerability disclosure processes
Establishing and tracking vulnerability remediation SLAs and security metrics
Conducting offensive security assessments including penetration testing and red team exercises
Implementing and maintaining fuzzing and dynamic testing frameworks to discover vulnerabilities
Building developer-focused security tooling and guardrails that integrate into modern workflows
Securing AI and machine learning systems including model protection and training data pipelines
Securing AI agents and agentic systems in development and deployment
Implementing software supply chain security controls including artifact signing and provenance tracking
Generating and maintaining Software Bills of Materials for supply chain transparency
Collaborating with cross-functional teams including engineering, infrastructure, and product to embed security in development workflows
Communicating security risks and remediation guidance to non-security technical teams
Mentoring and educating developers on secure coding practices and security architecture
Open Jobs
38 open Application Security Engineer jobs across 21 companies.
Other Security roles
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Builds detection systems, investigates security incidents, and leads incident response efforts.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.
Designs and maintains identity infrastructure, authentication systems, and access control policies.