Application Security Engineer
Description
Application Security Engineers partner with software development teams to help build secure applications for Laserfiche’s customers. In this role, you will assist in implementing secure development practices and integrating security tools into the software development lifecycle (SDLC). You will gain hands-on experience with modern application security approaches, including automated testing, vulnerability management, and CI/CD security controls.
This role focuses applying security best practices to identify and reduce risks early in the development process, while collaborating with developers, DevOps, and security team members.
- Hybrid: Three days per week (Tuesday, Wednesday and Thursday) in office in Long Beach, CA.
- Remote work from home on Mondays and Fridays.
• Assist in integrating application security tools (e.g., SAST, DAST, SCA) into CI/CD pipelines to help identify vulnerabilities early
• Support engineering teams in remediating common security issues discovered through automated scans and testing
• Participate in basic threat modeling exercises to identify potential risks and recommend mitigations
• Conduct security reviews of code and application designs with guidance from senior team members
• Help track and validate remediation of identified vulnerabilities across applications and services
• Monitor and triage security findings from scanners, bug bounty programs, or internal testing
• Contribute to maintaining documentation for secure coding standards and application security processes
• Stay up to date on common vulnerabilities (e.g., OWASP Top 10) and assist in educating developers on secure coding practices
- Bachelor’s degree in Computer Science, Information Security or higher
- Familiarity with Git-based development workflows and CI/CD pipelines
- Basic knowledge of cloud environments (e.g., AWS, Azure) and container technologies (Docker, Kubernetes)
- Exposure to secure development practices in Agile/DevOps environments
- Experience with security testing tools
- Entry-level certifications such as Security+, eJPT, or similar are a plus
- 1–3 years of experience in software engineering, application security, or related field
- Basic understanding of web application security concepts (e.g., authentication, authorization, input validation, OWASP Top 10)
- Familiarity with at least one programming or scripting language (e.g., Python, JavaScript, C#, Java)
- Exposure to application security tools such as SAST, DAST, or Software Composition Analysis (SCA)
- Strong problem-solving skills and attention to detail
- Effective verbal and written communication skills
- 15 Days of Vacation
- 3 Floating Holidays
- 2 Paid Volunteer Holidays
- 9 Paid Holidays
- Hybrid Work Environment
- Free Parking: covered and EV charging stations
- Various 401 (k) Investment Options and Generous Company Match
- HMO and PPO Medical Care Options (Employees are fully covered under HMO)
Applicants must be authorized to work for Laserfiche in the United States on a full-time basis without the need for employer sponsorship. We are unable to sponsor new employment visas, or take over sponsorship of existing employment visas, at this time.
With a strong global presence and offices across North America, Europe, and Asia, Laserfiche is recognized for its commitment to innovation, quality, and customer success. Our people-first culture fosters professional growth, continuous learning, and collaboration—making Laserfiche a place where talented individuals can shape the future of digital enterprise technology.