What you will do
- Structure, analyze, and govern the massive output of vulnerability data from across the enterprise portfolio, ensuring it is highly contextualized and ready for consumption by developers and automated systems;
- Triage and prioritize vulnerabilities utilizing data-driven scoring models (CVSS, EPSS) combined with contextual business and infrastructure risk;
- Continuously tune security scanning tools (SAST, DAST, SCA) and data pipelines to eliminate noise and false positives, delivering only high-confidence alerts;
- Develop AI-assisted runbooks, custom scripts, and intelligent agent workflows to automate the triage and remediation of high-frequency vulnerabilities;
- Partner with platform teams to transform manual security review processes into automated, frictionless governance gates embedded directly within the CI/CD pipeline;
- Work directly with software engineers in their native tech stack (Java, Python) to provide specific, code-level remediation guidance, focusing on minimizing developer friction;
- Conduct application threat modeling and architecture reviews for new features within critical applications;
- Act as a DevSecOps evangelist, actively bridging the gap between stringent security mandates and Agile delivery velocity.
Must haves
- 5+ years of experience in application security, software engineering, or DevSecOps, with at least 2+ years operating within highly regulated enterprise environments (Finance, Healthcare, Defense);
- Proven ability to manage, analyze, and automate large datasets of security vulnerabilities to build intelligent governance and reporting metrics;
- Deep, hands-on expertise deploying, tuning, and consuming APIs from modern application security testing tools (SAST, DAST, SCA) and CNAPP platforms (e.g., Wiz, Checkmarx, SonarQube, Snyk);
- Strong proficiency in Python (or Go) to build custom scripts, automate vulnerability data triage, and manipulate API data from security tooling;
- High proficiency in reading and reviewing enterprise application code, specifically Java;
- Advanced knowledge of vulnerability scoring systems (CVSS, EPSS) and industry-standard security frameworks (OWASP Top 10, CWE);
- Practical experience integrating automated security gates into modern CI/CD orchestration tools;
- Upper-intermediate English level.
Nice to haves
- Experience utilizing LLMs, AI agents, or automated coding assistants to streamline vulnerability triaging, data classification, or remediation code generation;
- Prior experience managing vulnerabilities subject to strict financial compliance standards (PCI-DSS, SOC2, NYDFS);
- Industry-recognized application security certifications (e.g., CSSLP, GWAPT, GWEB, CISSP, or CEH);
- Strong familiarity operating within Agile/Scrum delivery models and utilizing Jira for automated backlog management.
We are looking for a Senior Application Security Engineer to modernize vulnerability management at scale within a highly regulated financial services environment. You will govern and analyze large vulnerability datasets from tools including Wiz, Checkmarx, and Snyk, build automated triage and remediation workflows using Python and AI-assisted agents, and embed security intelligence directly into CI/CD pipelines. The role requires deep AppSec tooling expertise, risk-based prioritization using CVSS and EPSS, and the ability to provide code-level remediation guidance to Java development teams.
If you’re looking for a place to grow, make an impact, and work with people who care, we’d love to meet you!
About the role
The benefits of joining us
Professional growth
Accelerate your professional journey with mentorship, TechTalks, and personalized growth roadmaps
Competitive compensation
We match your ever-growing skills, talent, and contributions with competitive USD-based compensation and budgets for education, fitness, and team activities
A selection of exciting projects
Join projects with modern solutions development and top-tier clients that include Fortune 500 enterprises and leading product brands
Flextime
Tailor your schedule for an optimal work-life balance, by having the options of working from home and going to the office – whatever makes you the happiest and most productive.
Your AgileEngine journey starts here
2 min
Tell us about yourself
2 sec
Confirm requirements
30 - 60 min
Pass a short test
5 min
Record a short video
→ Introduce yourself on a video, instead of waiting for an interview
Live interview
Ace the technical interview with our team
→ Schedule a call yourself right away after your video is reviewed
Live interview
Final interview with your team
→ Get to know the team you will be working with
Get an offer
As quick as possible
