Source Job

Europe

  • Define security requirements and design application architectures following a secure-by-default approach.
  • Conduct threat modeling, code reviews, and penetration testing on cloud-based web and mobile apps.
  • Implement, manage, and automate SAST/DAST/SCA security controls and WAF rules to enforce protection at scale.

Python Rust Threat Modeling Penetration Testing

20 jobs similar to Application Security Engineer

Jobs ranked by similarity.

Global Unlimited PTO

  • Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
  • Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.

Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.

US 4w PTO

  • Lead application security reviews, threat modeling, and secure code review for new features and significant product changes.
  • Operate and improve SAST, DAST, and SCA tooling, triage findings, and partner with engineering teams to harden the codebase.
  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients, and own the vulnerability management lifecycle.

ButterflyMX empowers people to automate property access, operations, and security from a single platform, serving over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by a shared commitment to excellence and innovation.

$120,000–$154,440/yr
US 12w maternity 12w paternity

  • Architect, design, and implement end-to-end security solutions including firewalls, intrusion detection, and cloud security controls.
  • Collaborate with DevOps to integrate security into CI/CD pipelines and automate secure deployments.
  • Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations.

Figure is transforming capital markets through blockchain, powering real products used by hundreds of thousands of consumers and institutions. With over 170 partners and $22 billion in home equity loans originated, Figure is the largest non-bank provider of home equity financing in the U.S., recognized as one of Forbes' Most Innovative Fintech Startups in 2025.

$152,000–$175,000/yr
US Unlimited PTO

  • Lead threat modeling, architecture reviews, and code reviews for web applications, APIs, and microservices.
  • Actively develop and commit code to fix security flaws in Python, Go, or JavaScript/TypeScript codebases.
  • Implement and manage security testing tools within CI/CD pipelines to catch vulnerabilities early in the SDLC.

RunPod is the AI Developer Cloud, providing a platform for developers to experiment, train, fine-tune, deploy, and scale AI. We are a small, remote-first team that has processed over 20 billion inference requests and closed a $100M Series A in June 2026.

India

  • Partner with engineering, product, and DevOps teams to integrate security practices throughout the SDLC, focusing on cloud-native environments and automated pipelines.
  • Design, implement, and maintain security tooling and gates within CI/CD pipelines covering SAST, DAST, SCA, secrets detection, and container scanning.
  • Lead threat modeling, conduct application security assessments including code review and manual penetration testing, and triage bug bounty reports.

Hyland is the pioneer of the Content Innovation Cloud, delivering ubiquitous enterprise intelligence to organizations. With a team of nearly 4,000 employees, the company fosters an employee-centric culture focused on community impact and innovation.

Brazil

  • Identify and remediate vulnerabilities across the product ecosystem using code reviews and automation.
  • Integrate security tools and practices into CI/CD pipelines to ensure secure development.
  • Collaborate with engineering teams to apply threat modeling and secure-by-design principles.

They are a partner company specializing in digital product security. The team size is not specified, but the culture emphasizes trust, collaboration, and remote work.

$180,000–$205,500/yr
US 18w maternity 16w paternity

  • Contribute to secure-by-design practices and advance the S-SDLC program.
  • Mentor engineers on secure coding and career growth.
  • Evaluate and recommend AI-assisted security tooling.

Spring Health is a global mental health company eliminating every barrier to mental health. They reach more than 170 million people worldwide and are an AI-native company focused on expanding the reach, quality, and humanity of care.

Europe US Unlimited PTO

  • Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
  • Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
  • Improve secure development practices through code reviews, threat modeling, and security design reviews.

Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.

US

  • Lead implementation and optimization of AppSec tools such as SAST, DAST, and SCA across client environments.
  • Conduct manual application and API security assessments, identifying vulnerabilities and recommending remediation strategies.
  • Advise clients on secure SDLC practices and integrate security tools into CI/CD pipelines.

The company is a cybersecurity consulting firm that helps organizations design and operationalize application security programs. It operates with a remote-first culture and a collaborative, client-facing team.

$60,000–$211,000/yr
Canada

  • Embed secure-by-design principles across cloud, SaaS, and AI-driven systems.
  • Lead threat modeling sessions and security design reviews for applications, APIs, and microservices.
  • Define security standards, mentor engineers, and drive organization-wide risk reduction programs.

Jobgether uses an AI-powered matching process to connect candidates with hiring companies quickly and objectively. They are a remote-first, globally distributed company with an inclusive engineering culture.

US 5w PTO

  • Own key security domains such as vulnerability management, application security, API security, and supply chain security.
  • Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
  • Develop and improve security tooling and automation to reduce manual effort and leverage AI for triage and detection.

NinjaTrader is an industry-leading trading platform and futures broker that empowers traders with award-winning software and brokerage services. Since 2003, the company has grown to over 2 million users and is the number one rated futures brokerage worldwide, fostering a dynamic culture focused on social connection, professional development, and employee recognition.

US

  • Secure AI systems and use AI to scale security, conducting security reviews and threat modeling of AI-integrated product features.
  • Deliver end-to-end application security reviews for high-risk features, working directly with engineering teams to surface and close risk.
  • Advance CI/CD pipeline security by operating and evolving security scanning controls in GitLab pipelines.

Smartsheet empowers teams to manage work and scale solutions by uniting human teams with AI agents. They are a large company with over 20 years of experience, fostering a culture where ideas are heard and contributions have real impact.

$82,550–$170,180/yr
UK

  • Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
  • Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
  • Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.

Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.

India

  • Lead security initiatives across infrastructure, applications, cloud, and enterprise deployments to ensure a strong security posture.
  • Conduct penetration testing, vulnerability assessments, and security reviews to proactively identify and mitigate risks.
  • Collaborate with engineering, DevOps, and machine learning teams to embed security best practices into products and processes.

The company develops innovative AI-driven products for highly regulated environments. They operate with a startup culture, emphasizing collaboration, autonomy, and continuous improvement.

US Unlimited PTO

  • Deliver Application Security services including threat modeling, architecture reviews, and program assessments.
  • Author comprehensive reports tailored to technical and managerial audiences with remediation strategies.
  • Contribute to practice development and mentor team members while embracing emerging technologies.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. With over 1,200 employees, the company fosters a collaborative culture focused on mentorship and knowledge sharing.

Canada

  • Design and ship scalable security solutions to bridge the gap between security and engineering teams.
  • Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
  • Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.

Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.

Asia

  • Design and implement secure application architectures considering authentication, authorization, data protection, and vulnerability management.
  • Develop and maintain secure coding guidelines, conduct security reviews, and implement security controls.
  • Communicate security risks to stakeholders and provide guidance on secure coding practices.

Binance is a leading global blockchain ecosystem behind the world’s largest cryptocurrency exchange. With over 300 million users in 100+ countries, it offers a diverse, fast-paced, and innovative work environment.

US

  • Provide strong leadership as a security thought leader across Delinea's product offerings.
  • Perform end-to-end security architecture reviews and threat modeling.
  • Maintain and mature Product Security tooling such as SAST, SCA, DAST, ASPM.

Delinea is a pioneer in securing human and machine identities through intelligent, centralized authorization. They are a global team of passionate problem-solvers, with a culture of innovation, respect, and fairness.

$145,000–$175,000/yr
United States

  • Strengthen company-wide security posture through hands-on engineering, collaboration, and pragmatic standards, focusing on application security, cloud and infrastructure security, and secure development practices.
  • Define and implement scalable security standards supporting SOC 2 readiness through practical, automated, and auditable solutions, partnering with Engineering, Infrastructure, IT, Product, Legal, and other teams.
  • Build and maintain internal security tools, automation, and services that support secure development, compliance workflows, vulnerability management, and operational visibility.

Later is the world’s most intelligent influencer marketing company, built to give brands the confidence to create unforgettable campaigns by combining real creator relationships, trusted intelligence, and expert guidance. Trusted by leading enterprise brands including Nike, Wayfair, Unilever, and Southwest Airlines, Later bridges creativity and performance so campaigns deliver results.

Europe

  • Design and implement security features and safeguards to protect the platform.
  • Integrate security best practices throughout the software development lifecycle.
  • Mentor engineering teams on secure development practices and help remove technical blockers.

The company is a SaaS platform serving millions of users worldwide. It operates in a fully remote, international environment with a product-driven engineering culture.