Application Security Engineer

Confirmed live in the last 24 hours

Lumin Digital

Remote- United States

On-site

Posted February 9, 2026

Job Description

Job Description

Basic Function

The Application Security Engineer ensures robust security practices within a highly regulated SaaS environment. Collaborating closely with Product and Development teams, this role embeds security throughout the Software Development Life Cycle (SDLC), from design to deployment and ongoing maintenance. The engineer manages automated vulnerability scanning tools, coordinates penetration tests, advises on secure architecture, and supports compliance, risk management, and incident response initiatives.

Essential Functions and Responsibilities:Monitor and analyze security alerts and vulnerability reports, prioritizing and validating vulnerabilities for timely remediation.

Maintain and optimize automated vulnerability scanning systems (SAST/DAST), ensuring comprehensive application security assessments.

Own the design, implementation, and evolution of ASPM capabilities, integrating signals from SAST, DAST, SCA to manage runtime and production telemetry and define risk scoring models that balance exploitability, data sensitivity, and business impact.

Own and operate the company’s bug bounty program end-to-end, including program strategy, scope definition, and maturity evolution, triage, validation, and severity assessment of submissions and engagement with external security researchersCoordinate and manage third-party penetration tests, bug bounty programs, and vulnerability assessments, responding effectively to findings.

Collaborate cross-functionally to perform architectural and code reviews, delivering actionable recommendations for enhanced application security.

Develop and maintain application threat models to inform proactive risk management and security posture improvements.

Assist internal teams in vulnerability remediation using industry-standard tools (e.g., Veracode, Qualys, Rapid7, Burp).Support incident response activities, enabling rapid identification, containment, and resolution of application security incidents.

Stay current on emerging security threats, vulnerabilities, and industry best practices, translating insights into practical guidance.

Provide security expertise in risk management, compliance audits, and client communications to enhance the overall security posture.

Perform other duties as assigned

Position Specifications

Education: Bachelor’s degree in Computer Science, Management Information Systems, Cybersecurity, or a related field is required, or equivalent combination of education and experience

Experience: 4 years of experience in application security engineering, software engineering, with security focused roles3 years of hands-on experience identifying and qualifying application security vulnerabilities, preferably within web, financial services, or mobile application environments required. Experience with AWS, Git, and industry-standard application vulnerability platforms required.

Knowledge, Skills, & Abilities: Proficiency analyzing application source code (e.g., TypeScript, JavaScript, C#, Java, Swift) to identify security vulnerabilities. Strong technical knowledge of security vulnerabilities and standards (OWASP Top 10, CWE, CVSS scoring).Deep familiarity with authentication and authorization protocols (e.g., SAML, OAuth 2.0, JWT).Applied knowledge of cryptographic practices, including encryption standards, hashing algorithms, and authentication lifecycle management. Excellent analytical, communication, and coordination skills, with the ability to effectively manage and communicate security remediation tasks. Ability to maintain productivity and professionalism in remote or distributed team environments. Demonstrated passion for continuous security learning and staying updated on industry threats and trends.

Travel: Minimal, generally 12 days or less per year

javatypescriptjavascriptgoawsaimobiledataproductdesign