AgileEngine is an Inc. 5000 company that creates award-winning software for Fortune 500 brands and trailblazing startups across 17+ industries. We rank among the leaders in areas like application development and AI/ML, and our people-first culture has earned us multiple Best Place to Work awards.
WHY JOIN US
If you're looking for a place to grow, make an impact, and work with people who care, we'd love to meet you!
ABOUT THE ROLE
We are looking for a Senior Application Security Engineer to modernize vulnerability management at scale within a highly regulated financial services environment. You will govern and analyze large vulnerability datasets from tools including Wiz, Checkmarx, and Snyk, build automated triage and remediation workflows using Python and AI-assisted agents, and embed security intelligence directly into CI/CD pipelines. The role requires deep AppSec tooling expertise, risk-based prioritization using CVSS and EPSS, and the ability to provide code-level remediation guidance to Java development teams.
WHAT YOU WILL DO
- Structure, analyze, and govern the massive output of vulnerability data from across the enterprise portfolio, ensuring it is highly contextualized and ready for consumption by developers and automated systems;
- Triage and prioritize vulnerabilities utilizing data-driven scoring models (CVSS, EPSS) combined with contextual business and infrastructure risk;
- Continuously tune security scanning tools (SAST, DAST, SCA) and data pipelines to eliminate noise and false positives, delivering only high-confidence alerts;
- Develop AI-assisted runbooks, custom scripts, and intelligent agent workflows to automate the triage and remediation of high-frequency vulnerabilities;
- Partner with platform teams to transform manual security review processes into automated, frictionless governance gates embedded directly within the CI/CD pipeline;
- Work directly with software engineers in their native tech stack (Java, Python) to provide specific, code-level remediation guidance, focusing on minimizing developer friction;
- Conduct application threat modeling and architecture reviews for new features within critical applications;
- Act as a DevSecOps evangelist, actively bridging the gap between stringent security mandates and Agile delivery velocity.
MUST HAVES
- 5+ years of experience in application security, software engineering, or DevSecOps, with at least 2+ years operating within highly regulated enterprise environments (Finance, Healthcare, Defense);
- Proven ability to manage, analyze, and automate large datasets of security vulnerabilities to build intelligent governance and reporting metrics;
- Deep, hands-on expertise deploying, tuning, and consuming APIs from modern application security testing tools (SAST, DAST, SCA) and CNAPP platforms (e.g., Wiz, Checkmarx, SonarQube, Snyk);
- Strong proficiency in Python (or Go) to build custom scripts, automate vulnerability data triage, and manipulate API data from security tooling;
- High proficiency in reading and reviewing enterprise application code, specifically Java;
- Advanced knowledge of vulnerability scoring systems (CVSS, EPSS) and industry-standard security frameworks (OWASP Top 10, CWE);
- Practical experience integrating automated security gates into modern CI/CD orchestration tools;
- Upper-intermediate English level.
NICE TO HAVES
- Experience utilizing LLMs, AI agents, or automated coding assistants to streamline vulnerability triaging, data classification, or remediation code generation;
- Prior experience managing vulnerabilities subject to strict financial compliance standards (PCI-DSS, SOC2, NYDFS);
- Industry-recognized application security certifications (e.g., CSSLP, GWAPT, GWEB, CISSP, or CEH);
- Strong familiarity operating within Agile/Scrum delivery models and utilizing Jira for automated backlog management.
PERKS AND BENEFITS
- Professional growth: Accelerate your professional journey with mentorship, TechTalks, and personalized growth roadmaps.
- Competitive compensation: We match your ever-growing skills, talent, and contributions with competitive USD-based compensation.
- Exciting projects: Join projects with modern solutions development and top-tier clients, including Fortune 500 enterprises and leading product brands.
- Flextime: Tailor your schedule for an optimal work-life balance, with options for remote work and flexible hours.