Application Security Engineer
This role conducts comprehensive security reviews and threat modeling across AI-native platforms and data infrastructure, identifying vulnerabilities in applications that power enterprise AI agents, LLM systems, and knowledge graphs. What distinguishes Application Security Engineers from broader security roles is their focus on embedding security into the development lifecycle itself—through code reviews, secure design practices, and CI/CD integration—rather than conducting external assessments alone. These engineers typically sit within dedicated product or application security teams that partner closely with engineering organizations, translating security requirements into developer-friendly practices and tooling that enable teams to ship secure code at scale.
Skills
What companies are looking for in this role.
Conducting threat modeling and secure design reviews to identify architectural security risks
Performing manual code reviews and static analysis to identify security vulnerabilities
Integrating security controls into CI/CD pipelines and development workflows
Designing and implementing secure coding standards and guidelines for development teams
Managing vulnerability identification, triage, and remediation processes
Conducting security architecture reviews and implementing security controls across infrastructure
Writing secure code and building security libraries and reusable security components
Architecting authentication and authorization mechanisms including RBAC and ABAC systems
Implementing DevSecOps practices and secure infrastructure-as-code patterns
Securing cloud-native applications and Kubernetes infrastructure
Evaluating and securing software supply chains including SBOM creation and management
Establishing and maintaining compliance with security standards and regulatory requirements
Performing exploit writing and creating exploit chains to validate vulnerabilities
Implementing secrets management and secure credential handling practices
Securing AI and machine learning systems including LLM architectures and training data pipelines
Designing secure controls for emerging AI technologies and novel security risks
Performing security assessments on AI agents and agentic AI systems
Protecting enterprise knowledge graphs and securing multi-tenant AI platforms
Collaborating cross-functionally with engineering, DevOps, and platform teams
Mentoring and training engineers on secure coding practices and security-first mindset
Communicating security risks and vulnerabilities clearly to technical and non-technical stakeholders
Acting as subject matter expert and technical liaison across security and engineering teams
Building scalable security programs and driving organizational security culture
Balancing pragmatism with security rigor in fast-paced engineering environments
Leading incident response activities and vulnerability disclosure programs
Open Jobs
40 open Application Security Engineer jobs across 21 companies.
Other Security roles
Secures cloud infrastructure, networks, and systems.
Generalist security engineering role spanning multiple security domains. For security engineers who work across application, infrastructure, and cloud security without a single dominant specialization. The default home for "Security Engineer" titles when the function is clearly Security.
Builds detection systems, investigates security incidents, and leads incident response efforts.
Conducts offensive security assessments including red teaming, penetration testing, and adversarial simulation.
Designs and maintains identity infrastructure, authentication systems, and access control policies.