Perks: Competitive Rates, Benefits, free daily lunch when onsite
Job Description
We are looking for a seasoned Application Security Engineer to lead and advance our application security efforts. In this key role, you will be responsible for strengthening the security, resilience, and compliance of our web applications by integrating best practices throughout the software development lifecycle.
This position is perfect for someone who excels at identifying and remediating vulnerabilities, performing threat modeling, and championing a security-first mindset across engineering teams.
Key Responsibilities
Lead application security initiatives to ensure web applications are designed, developed, and maintained to withstand current and emerging threats.
Perform code vulnerability analysis using both automated tools and manual techniques, and deliver actionable remediation guidance to development teams.
Drive and execute threat modeling exercises to proactively uncover risks, potential attack vectors, and system weaknesses.
Partner closely with developers to integrate security best practices throughout the Software Development Life Cycle (SDLC), from initial design through deployment.
Collaborate with engineering and SDLC governance teams to develop, publish, and maintain secure coding standards.
Work with DevOps teams to integrate security controls into CI/CD pipelines, enabling automated and continuous security enforcement.
Use tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) for comprehensive security testing.
Assess and secure third-party applications and APIs to ensure they meet internal security requirements.
Monitor evolving threat landscapes and continuously enhance security tools, processes, and standards to stay ahead of risks.
Provide hands-on technical leadership and guidance during application-related security incidents.
Generate and report on application security metrics, including Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), to support informed risk management decisions.
Must-Have Qualifications
8+ years of experience in application security, software development, or penetration testing.
Deep expertise in web application security, including OWASP Top 10 and common attack vectors.
Proven experience with identifying, assessing, and remediating code vulnerabilities.
Strong knowledge and hands-on experience in threat modeling methodologies (e.g., STRIDE, PASTA).
Proficiency in at least one programming language (e.g., JavaScript, Java, Python).
Experience implementing security in CI/CD pipelines and DevOps environments (DevSecOps).
Familiarity with secure coding frameworks and tools (e.g., SAST, DAST, IAST, SCA).
Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.
Preferred Qualifications
Industry certifications such as OSCP, CEH, CISSP, or GWAPT.
Experience with cloud security (AWS, Azure, GCP), containerized environments (Docker, Kubernetes), and infrastructure as code (Terraform, CloudFormation).
Knowledge of compliance frameworks like SOC 2, NIST, or ISO 27001.