Remote - Application Security Engineer

Information Technology Remote - United States


We are looking for a results-oriented individual who will be responsible for ensuring the availability, confidentiality, and integrity of the Consensus business' data assets.

The Application Security Engineer will be an innovative, self-driven, team player. The Application Security Engineer will be responsible for building security controls and working with business technology teams to implement them; automation is key.

The Application Security Engineer is responsible for application security, policies and architecture, implementation, and security integration. This individual is also responsible for maintaining a high level of competency in the security field through ongoing education and must possess a proactive attitude towards learning and applying security best practices.


       Understand complex technical issues and manage them within a fast-paced business environment

       Identify current and emerging technology issues including security trends, vulnerabilities, and threats

       Research and implement new security solutions to better protect the organization

       Develop and improve metrics that drive desired behavior and security outcomes

       Conduct proactive research to analyze security weaknesses and recommend appropriate strategies

       Assist in driving Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tool deployments and integrations with CI/CD environments

       Guide developers to mitigate business-critical vulnerabilities and attack vectors in web applications

       Perform vulnerability assessment and penetration testing, and propose remediation approaches

       Perform secure code review of newly developed program features, extensions and scripts

       Review security elements in the software development life cycle (and off-the-shelf software)

       Work independently with developers, product owners, and other colleagues to ensure secure design, development, and implementation of our applications

       Evangelize secure coding practices internally


        Bachelor's Degree or Associate's Degree in Information Security, Cybersecurity, Computer Science, Engineering or Networking with relevant experience or equivalent experience.

        Industry standard security certifications such as CEH, CISSP, CSSLP are recommended.

        Must possess problem-solving skills and be able to think logically and analytically.

        Must have skills to stay organized among multiple, competing activities and prioritize tasks/activities in alignment with team objectives.

        Meet project/deliverable schedules and communicate project status on a regular basis to supervisor and other stakeholders.

        Must be able to work independently or as a team member on assigned projects.

        Ability to balance risk with business appetite is a must.

        Communication and interpersonal skills are required to build a partnership with various business units.

        Strong knowledge of web application security issues, such as OWASP Top 10

        Understanding of programming languages

        Familiarity with Secure SDLC (Software Development Life Cycle) approaches

        Ability to recognize application vulnerabilities and possible exploits and their potential impact to businesses

        Familiar with dynamic and static analysis techniques, fuzzing / brute forcing

        Experience with manual web application testing by proxy tools such as Burp Suite

        Experience working with common dynamic and/or static analysis tools

        Knowledge of securing different on-prem and/or cloud applications using best security practices

This is a remote/office-based position which may be performed anywhere in the United States except within Colorado.