Application Security Engineer

Application Security Engineer

EdgeConneX is seeking a skilled and experienced Application Security Engineer to join our team. The ideal candidate will have at least five years of hands-on experience in application security, a bachelor’s degree or higher in Computer Science or a related field, strong knowledge of secure coding practices and relevant professional certifications. You will be responsible for ensuring the security of our software applications throughout the development life cycle, working closely with developers, architects, and IT teams to identify, remediate, and prevent security vulnerabilities. This position reports to our Global Head of Cybersecurity and is based in Herndon, VA and provides flexibility for a hybrid onsite work schedule. There is a limited amount of travel needed for this position, but the flexibility to do so would be ideal.

Primary Responsibilities

• Conduct security assessments, code reviews, and penetration testing of web and mobile applications.
• Integrate security into all phases of the SDLC, from design through deployment.
• Perform application threat modeling, secure design reviews, and code reviews.
• Implement and manage application security testing tools (SAST, DAST, SCA, IAST).
• Collaborate with software development teams to integrate security best practices into the SDLC.
• Identify, analyze, and remediate vulnerabilities using industry-standard tools and methodologies.
• Develop and maintain security policies, standards, and guidelines for application development.
• Monitor emerging threats, vulnerabilities, and security technologies to ensure proactive protection.
• Provide guidance and training to developers on secure coding practices.
• Participate in incident response activities related to application-level threats.
• Prepare detailed security reports and documentation for stakeholders and compliance purposes.
• Support compliance and audit requirements related to application security.
• Perform Research & Development for AI Prompt Injection Attacks, Payloads for IoT devices (byte code may be required).

Required Education & Experience

• Bachelor’s Degree or higher in Computer Science, Information Security, or a related discipline
• 5+ years of professional experience in application security engineering in addition to educational background and internships
• Strong knowledge of:
  • AI, web and mobile application architectures and common vulnerabilities (e.g., OWASP Top 10). Web application and API security
  • Authentication, authorization, and session management
  • Encryption and secure data handling
• Experience with:
  • Application security testing tools (SAST, DAST, SCA, IAST)
  • CI/CD pipeline integration and DevSecOps practices
  • Cloud-native application security (AWS, Azure, or GCP)
• Hands-on experience with security tools such as Burp Suite, OWASP ZAP, SAST/DAST scanners, and similar.
• Familiarity with secure coding practices in languages such as Java, C#, Python, or JavaScript.
• Professional security certifications such as CSSLP, CISSP, CEH, GWAPT, OSCP, Cloud security certifications (AWS / Azure Security) or equivalent.
• Excellent analytical, problem-solving, and communication skills.
• Ability to work collaboratively in a team environment and manage multiple projects simultaneously and proactive approach to improving security
• Strong documentation and reporting skills

Experience that will make a candidate stand out

• Master’s Degree in a relevant IT field
• Direct experience with cloud security and establishing DevSecOps practices
• Knowledge of compliance frameworks such as PCI DSS, GDPR, or HIPAA
• Experience with containers and Kubernetes security
• Knowledge of Zero Trust and secure API gateways
• Experience with bug bounty programs or red team collaboration
• Contributions to open-source security projects or published research
• Extensive penetration testing experience