Job DescriptionJob Description Job Title: Application Security Specialist Location: Remote (USA-based) Job Type: Full-Time Department: Information Security / DevSecOps About the role: As an Application Security Specialist, you will play a critical role in integrating security practices into our software development lifecycle. You’ll work closely with engineering, DevOps, product, and QA teams to identify, remediate, and prevent vulnerabilities across web, mobile, and cloud-based applications. Your expertise will help shape a proactive security culture and ensure our products are secure by design. Key Responsibilities Collaborate with development teams to integrate security best practices into CI/CD pipelines. Conduct application threat modelling, architecture reviews, and code analysis to identify security gaps. Perform manual and automated application security assessments (SAST, DAST, IAST, SCA). Provide clear and actionable remediation guidance to development and product teams. Manage and triage vulnerability reports from internal tools and third-party sources (e.g., bug bounty programs, penetration testing). Develop and maintain secure coding guidelines and training for engineers. Stay current with emerging security threats, tools, and technologies. Lead security incident investigations related to application vulnerabilities and support root cause analysis. Contribute to the development of security standards, policies, and risk assessments. Requirements 3+ years of experience in Application Security, Secure Software Development, or similar roles. Strong knowledge of web application vulnerabilities (e.g., OWASP Top 10) and related mitigation techniques. Proficiency in at least one programming or scripting language (e.g., JavaScript, Python, Java, Go, Ruby). Experience with security testing tools like Burp Suite, OWASP ZAP, Veracode, Checkmarx, Snyk, or similar. Familiarity with DevSecOps practices and integrating security into CI/CD workflows (GitHub Actions, GitLab CI, Jenkins, etc.). Preferred Qualifications Industry certifications such as OSCP, GWAPT, CSSLP, CEH, or similar. Experience with container and Kubernetes security. Exposure to threat modelling tools like Microsoft Threat Modelling Tool or IriusRisk. Experience with API security testing tools (e.g., Postman, OWASP API Security Top 10). Benefits 100% Remote Work: Work from anywhere in the U.S. with flexible hours. Competitive Salary and performance-based bonuses. Comprehensive Benefits Package including medical, dental, and vision insurance. Generous Paid Time Off including vacation, sick leave, holidays, and volunteer time. Professional Development Support including certifications, training, and conference opportunities. Home Office Stipend to set up your ideal remote workspace. Inclusive Culture that values diversity, equity, and belonging. Equal Opportunities: We celebrate diversity and are committed to creating an inclusive environment for all employees regardless of race, color, religion, gender identity or expression, sexual orientation, national origin, disability, age, or veteran status.