Mid Application Security Engineer


Job Location: San Francisco, CA - USA

Monthly Salary: Not Disclosed
Posted on: 4 hours ago
Vacancies: 1 Vacancy

Job Summary

RESPONSIBILITIES

  • Perform application security assessments, including manual code review, SAST, DAST, SCA and targeted penetration testing.
  • Lead threat modeling sessions for new features, architectural changes and AI/LLM-backed workflows with customer product and engineering teams.
  • Integrate security tooling (Semgrep, Snyk, CodeQL, GitHub Advanced Security, Burp Suite) into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) with minimal developer friction.
  • Triage, track and drive remediation of findings across web, mobile and API surfaces using developer-friendly workflows and SLAs.
  • Design and maintain secure coding standards, authentication and authorization patterns (OAuth 2.0, SAML, JWT) and training materials for customer development teams.
  • Evaluate third-party libraries, vendor integrations and open-source dependencies for supply chain and security risk.
  • Support incident response activities and contribute to post-incident analysis with a focus on application-layer root cause.
  • Write and maintain documentation, runbooks and architecture decision records (ADRs) for AppSec tooling, coding standards and remediation playbooks.

QUALIFICATIONS

  • 3 to 5 years of experience in application security, penetration testing or secure software development.
  • Strong knowledge of the OWASP Top 10, CWE and common web and API vulnerability classes.
  • Hands-on experience with at least two of the following in real CI/CD environments: SAST, DAST, SCA or IAST tools.
  • Proficiency in one or more programming languages (Python, Go, JavaScript/TypeScript or Java) for automation, tooling and integration work.
  • Familiarity with modern development workflows, including Git, CI/CD pipelines and containerized environments.
  • Solid understanding of authentication and authorization frameworks (OAuth 2.0, SAML, JWT).
  • Excellent communication skills, with the ability to translate security findings into actionable engineering tasks.
  • Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence.

NICE TO HAVE

  • Relevant certifications such as OSCP, GWAPT, CEH or CSSLP.
  • Experience with bug bounty programs or responsible disclosure processes.
  • Familiarity with cloud-native security (AWS, GCP or Azure) and cloud-native workload protection.
  • Prior contributions to open-source security tooling.