Application Security Engineer

2026-04-23 | Search BizAthletes | San Francisco, CA

Description:

Bay Area | Contract-to-Hire | Cybersecurity Services | Application Security Engineer

We're recruiting for an Application Security Engineer on behalf of a high-growth VAR cybersecurity services firm. This is a hands-on, client-facing role where you'll work closely with product and engineering teams to embed security into the development lifecycle—ideal for someone who enjoys staying technical while driving real security outcomes across modern application environments.

Client Summary:

A rapidly growing cybersecurity services company delivering advanced security solutions across application, cloud, and detection domains. The firm partners with enterprise clients to strengthen security posture, improve detection and response, and embed secure development practices across web, mobile, and API environments. Known for deep technical expertise and a consultative approach, they are scaling quickly and expanding their service offerings.

What You'll Do (Responsibilities):

  • Perform application security assessments including code review, SAST, DAST, SCA, and targeted testing
  • Lead threat modeling sessions across new features, architecture changes, and emerging technologies
  • Integrate security tooling (Semgrep, Snyk, CodeQL, GitHub Advanced Security, Burp Suite) into CI/CD pipelines
  • Triage and drive remediation of vulnerabilities across web, mobile, and API surfaces
  • Design and implement secure coding standards and authentication/authorization patterns (OAuth 2.0, SAML, JWT)
  • Evaluate third-party libraries and dependencies for security and supply chain risk
  • Support incident response and contribute to application-layer root cause analysis
  • Develop documentation, runbooks, and security playbooks to support engineering teams

What You'll Bring (Requirements):

  • 3–5 years of experience in application security, penetration testing, or secure software development
  • Strong knowledge of OWASP Top 10, CWE, and common web/API vulnerabilities
  • Hands-on experience with SAST, DAST, SCA, or IAST tools in CI/CD environments
  • Proficiency in one or more languages (Python, Go, JavaScript/TypeScript, or Java)
  • Familiarity with modern development workflows (Git, CI/CD, containers)
  • Understanding of authentication and authorization frameworks (OAuth 2.0, SAML, JWT)
  • Strong communication skills with the ability to translate findings into actionable engineering tasks
  • Ability to travel regularly to the San Francisco Bay Area

Nice to Have:

  • Certifications such as OSCP, GWAPT, CEH, or CSSLP
  • Experience with bug bounty or responsible disclosure programs
  • Familiarity with cloud security (AWS, GCP, Azure)
  • Contributions to open-source security tooling

Compensation & Structure:

  • Contract role with potential for W2 conversion
  • Highly competitive compensation (DOE)
  • High-impact role with direct visibility to leadership

Why This Role Stands Out:

  • Hands-on role working directly with engineering teams to influence secure development practices
  • Exposure to modern application stacks, APIs, and emerging technologies
  • Opportunity to work across diverse client environments and security challenges

Why Join Our Client?

This is an opportunity to join a scaling cybersecurity services firm where you'll have real ownership, work on complex application security challenges, and help define how secure development is implemented across organizations.

Interested and qualified? DM Morgan Brown and apply today!

