[Remote] Application Security Engineer II

Note: The job is a remote job and is open to candidates in USA. National Digital Trust Company (In Organization) is a specialized financial institution focused on providing digital asset services. As an Application Security Engineer II, you will be responsible for designing and managing security practices for applications, collaborating with software engineers to ensure security is integrated throughout the software development lifecycle.

Responsibilities

• Perform automated and manual vulnerability assessments for APIs and web applications
• Conduct static (SAST), dynamic (DAST), software composition analysis (SCA), and interactive (IAST) testing
• Review findings for exploitability and provide actionable remediation guidance
• Perform manual testing to validate vulnerabilities and ensure secure implementations
• Partner with developers to embed security into the SDLC
• Participate in and help manage the secure code review approval process
• Perform product threat modeling and develop threat-focused validation checks
• Ensure new projects are designed, scoped, and deployed securely
• Implement, manage, and optimize application security tools across the organization
• Support the operational management of AppSec programs and workflows
• Manage cloud security for both internally developed and third-party applications
• Contribute to internal security documentation, playbooks, and best practices
• Support Red Team exercises and external penetration testing engagements
• Assist in triaging and responding to bug bounty submissions
• Perform validation testing to ensure applications meet internal and industry security standards
• Investigate security incidents through research and log analysis
• Contribute to incident response processes, documentation, and continuous improvement
• Build or enhance internal tooling to automate security testing, compliance checks, and evidence collection
• Write scripts and utilities to improve efficiency and scalability
• Evaluate and experiment with new tools to improve application security outcomes
• Serve as a security subject matter expert for engineering and business teams
• Promote a strong, approachable security culture across the organization
• Operate flexibly across multiple responsibilities in a fast-growing environment

Skills

• 3–5+ years of experience in Information Technology, including security tooling
• 3–5+ years of experience as an Application Security Engineer
• 1–3+ years of experience in regulated environments (e.g., financial services, fintech)
• Strong understanding of web application security principles and architecture
• Experience with container technologies and container security
• Proficiency in at least one programming language, with willingness to learn additional languages (e.g., Rust, TypeScript)
• Experience with CI/CD pipelines and source control tools (Git, GitHub)
• Experience evaluating Infrastructure-as-Code (IaC) security across cloud environments
• Familiarity with bug bounty programs (participation or triage)
• Understanding of OWASP Top 10 and application security best practices across web, DevOps, and emerging AI systems
• Strong problem-solving, analytical thinking, and ability to adapt quickly
• Experience implementing security controls within DevOps / DevSecOps environments
• Knowledge of application security risks and mitigation strategies
• Familiarity with frameworks and standards such as: NIST 800-53 / CSF 2.0, NIST SSDF (800-218), SOC 2, PCI-DSS, PA-DSS
• Understanding of Content Security Policy (CSP)
• Ability to identify and explain vulnerabilities such as: XSS, CSRF, injection attacks, MITM attacks, Brute-force and credential attacks
• Interest in financial services, digital assets, and custodial security
• Experience working with AI tools and understanding of security considerations for generative AI
• Familiarity with AI-assisted development workflows, agent-based systems, or MCP-based tools
• Willingness to learn and adapt to AI-driven SDLC environments
• Curiosity and a continuous improvement mindset
• Ability to balance security rigor with engineering velocity
• Strong communication skills and ability to influence across teams
• Passion for building scalable, practical security solutions

Benefits

• Employer-provided: Medical, Dental, and Vision insurance, 401(k), life and disability insurance.

Company Overview