Application Security Engineer

Bonterra
Salary: $76,000 - $95,000

About The Position

As an Application Security Engineer at Bonterra, you will help support the security of our web applications and APIs by working closely with engineering, DevOps, and security teams. In this role, you’ll focus on identifying and helping remediate application security risks, supporting secure development practices, and contributing to application security tooling and processes that enable teams to ship software safely and efficiently. This role is well suited for an application security engineer with a few years of hands-on experience who is comfortable executing security testing activities, analyzing findings, and collaborating with development teams, while continuing to grow depth in areas such as cloud security, automation, and secure design. This role is scoped as a mid-level Application Security Engineer position with opportunities to grow into senior application or product security roles over time.

Requirements

  • 3+ years of experience in application security, product security, or secure software development.
  • Experience with manual web application penetration testing.
  • Experience securing modern web applications and APIs.
  • Strong understanding of web application vulnerabilities, their root causes, and common remediation approaches.
  • Ability to review application source code as needed to support vulnerability triage and testing activities.
  • Proficiency in at least one programming language (e.g., Java, Python, JavaScript/TypeScript, C#, or Go).
  • Experience working with CI/CD pipelines and modern development workflows.
  • Familiarity with security testing tools such as SAST, DAST, and SCA.
  • Strong communication skills and ability to work collaboratively with engineering teams.

Nice To Haves

  • Exposure to threat modeling concepts and secure design practices.
  • Previous software development or application design experience.
  • Familiarity with cloud environments and basic AWS security concepts.
  • Basic knowledge of identity and access management concepts (OAuth, OIDC, JWT).
  • Exposure to PCI DSS or regulated environments.

Responsibilities

  • Work with engineering teams to help integrate application security best practices into the software development lifecycle (SDLC), including secure coding guidance.
  • Support secure CI/CD pipelines by collaborating with DevOps and cloud teams on existing security controls and workflows.
  • Identify, assess, and help prioritize vulnerabilities in web and API-based applications, providing guidance to engineering teams on remediation.
  • Perform manual web application penetration tests using established methodologies and tools.
  • Assist with proof-of-concept demonstrations for select security findings to help teams understand impact and remediation.
  • Perform application code reviews as needed.
  • Review and triage SAST, SCA and DAST scan results.
  • Track and manage application security findings, supporting remediation efforts and verification of fixes.
  • Support incident response efforts related to application security issues.
  • Provide guidance to engineering teams on common web application vulnerabilities such as OWASP Top 10.
  • Develop and implement scripts and workflows to streamline operations and reduce manual effort.
  • Automate security processes and develop methods for analyzing and responding to security findings.
  • Assist with documenting secure coding standards and common remediation patterns.
  • Stay current on emerging threats, vulnerabilities, and application security trends.
© 2024 Teal Labs, Inc