Jobgether is hiring a Senior Application Security Engineer to protect our applications and systems from evolving threats. In this role, you will apply your technical cybersecurity background to enhance our security posture by working closely with development and engineering teams.

What You'll Do

Conduct security assessments, code reviews, and penetration testing to identify application vulnerabilities.
Design, develop, and implement security tools, frameworks, and methodologies to protect applications.
Partner with development teams to integrate security best practices throughout the SDLC, including secure coding guidelines.
Perform threat modeling and risk assessments to proactively identify and mitigate potential risks.
Support vulnerability management by tracking, analyzing, and guiding remediation efforts.
Assist with incident response, investigating and documenting application-related security events.
Stay informed on emerging security threats, vulnerabilities, and technologies to continuously improve practices.

What We're Looking For

5+ years of software development experience, ideally with exposure to information security or AppSec.
Strong understanding of secure coding, threat modeling, and vulnerability management across the SDLC.
Proficient in Go, Python, or Java, with experience in CI/CD pipelines and GitHub.
Hands-on experience with security tools and frameworks (e.g., SAST, DAST, SCA like Snyk, Semgrep, OWASP ZAP, Burp).
Knowledge of core information security concepts including malware, exploits, firewalls, and intrusion detection/prevention systems.
Subject matter expertise in at least one of: Threat & Vulnerability Management, Incident Response, Threat Hunting, Red Teaming, or Penetration Testing.
Ability to interpret and prioritize security data, and collaborate effectively with developers to remediate issues.
Excellent communication skills to influence and work across engineering and security teams.

Nice to Have

Experience with cloud and container security (GCP, Kubernetes, Docker, Terraform).
Familiarity with endpoint and vulnerability management tools (e.g., CrowdStrike Falcon, Wiz).
Relevant certifications (ISC², ISACA, or GCP) and a degree in Computer Science or related field.
Background securing AI infrastructure or model deployments.
Strong analytical, time management, and problem-solving skills in fast-paced environments.

Technical Stack

Languages: Go, Python, Java
DevOps: CI/CD pipelines, GitHub
Security Tools: SAST, DAST, SCA, Snyk, Semgrep, OWASP ZAP, Burp
Cloud & Infrastructure: GCP, Kubernetes, Docker, Terraform
Other: CrowdStrike Falcon, Wiz

Team & Environment

You will work in a collaborative environment, partnering closely with development and engineering teams to integrate security expertise with product innovation.

Benefits & Compensation

Remote-friendly work environment with flexible schedule options.
Comprehensive medical, dental, and vision coverage.
Generous paid time off, sick leave, and parental leave.
Retirement plan with company matching.
Professional development opportunities and access to cutting-edge security tools.
Wellness benefits and a supportive, inclusive team culture.