Application Security Engineer

Job Summary

Contributing to security assessments of client software, the full-time remote Application Security Engineer will identify vulnerabilities, drive vulnerability analysis, and develop custom security tools while owning client engagements from discovery to delivery.

Key responsibilities

• Lead security assessments for specific components, identifying vulnerabilities and owning analysis through to client delivery
• Find and validate real vulnerabilities in application code and systems, explaining exploitation paths and developing proof-of-concept code as needed
• Design and build security testing tools and automation for vulnerability detection, overseeing tool development from concept to deployment

Required qualifications

• Proven ability to find and validate real vulnerabilities through demonstrable experience such as CTF wins or published CVEs
• Strong code analysis skills with the ability to read complex code and identify logic flaws
• Hands-on coding proficiency in at least two programming languages such as Rust, Go, C, C++, Python, JavaScript, or TypeScript
• Understanding of memory safety vulnerabilities and modern mitigations
• Deep familiarity with operating systems and how applications interact with system internals