Jobot is hiring: Application Security Engineer in San Francisco County

Software Security Firm looking for Application Security Engineer This Jobot Consulting Job is hosted by: John Erwin Are you a fit? Easy Apply now by clicking the "Quick Apply" buttonand sending us your resume. Salary: $50 - $80 per hour A bit about us: We are a Software Consulting firm working with enterprise and start companies that are AI driven and we are developing some of the most cutting edge software/security solutions platforms in the world Why join us? Competitive Compensation Work on incredible projects that are fun and challenging Full Benefits (Medical, Vision, Dental) 401k Long term Contract to Hire opportunity Job Details RESPONSIBILITIES Perform application security assessments including manual code review, SAST, DAST, SCA, and targeted penetration testing. Lead threat modeling sessions for new features, architectural changes, and AI/LLM-backed workflows with customer product and engineering teams. Integrate security tooling (Semgrep, Snyk, CodeQL, GitHub Advanced Security, Burp Suite) into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins) with minimal developer friction. Triage, track, and drive remediation of findings across web, mobile, and API surfaces with developer-friendly workflows and SLAs. Design and maintain secure coding standards, authentication and authorization patterns (OAuth 2.0, SAML, JWT), and training materials for customer development teams. Evaluate third-party libraries, vendor integrations, and open-source dependencies for supply chain and security risk. Support incident response activities and contribute to post-incident analysis with a focus on application-layer root cause. Write and maintain documentation, runbooks, and architecture decision records (ADRs) for AppSec tooling, coding standards, and remediation playbooks. QUALIFICATIONS 3 to 5 years of experience in application security, penetration testing, or secure software development. Strong knowledge of OWASP Top 10, CWE, and common web and API vulnerability classes. Hands-on experience with at least two of the following: SAST, DAST, SCA, or IAST tools in real CI/CD environments. Proficiency in one or more programming languages (Python, Go, JavaScript/TypeScript, or Java) for automation, tooling, and integration work. Familiarity with modern development workflows including Git, CI/CD pipelines, and containerized environments. Solid understanding of authentication and authorization frameworks (OAuth 2.0, SAML, JWT). Excellent communication skills with the ability to translate security findings into actionable engineering tasks. Must be located in the SF Bay Area or willing to travel to our San Francisco office on a regular cadence. NICE TO HAVE Relevant certifications such as OSCP, GWAPT, CEH, or CSSLP. Experience with bug bounty programs or responsible disclosure processes. Familiarity with cloud-native security (AWS, GCP, or Azure) and cloud-native workload protection. Prior contributions to open-source security tooling. Interested in hearing more? Easy Apply now by clicking the "Quick Apply" button. Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot’s policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions. Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance. Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal. By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy

In Summary: Software Security Firm looking for Application Security Engineer . Work on incredible projects that are fun and challenging . Full Benefits (Medical, Vision, Dental) 401k 401k Long term Contract to Hire opportunity . Must be located in the SF Bay Area or willing to travel to our San Francisco office .

En Español: Este trabajo de consultoría Jobot está organizado por: John Erwin ¿Estás bien? Fácil Aplicar ahora haciendo clic en el botón "Aplicar rápido" y enviándonos tu currículum. Salario: $50 - $80 por hora Un poco más sobre nosotros: Somos una firma de consultores de software que trabaja con empresas empresariales y nuevas que están impulsadas por la IA y estamos desarrollando algunas de las plataformas de soluciones de seguridad/software más avanzadas del mundo Por qué unirte a nosotros? Compensación competitiva Trabajar en proyectos increíbles que son divertidos y desafiantes FullHub (Medical, Vision, Dental) 401k Long Contract to Hire Opportunity Jobs Details RESPONSIBILITIES Tester cambios en los patrones de seguridad de aplicaciones incluyendo revisión manual de código, SAST, DAST, SCA y penetración dirigida. Los desarrolladores se encuentran dentro de equipos de desarrollo de productos avanzados para realizar sesiones de búsqueda de datos, diseño de sistemas de seguridad y nuevos procesos de ingeniería de código web, Codificación automática y seguimiento de clientes (Codeo, CI-Lines, JLL). Evalúa bibliotecas de terceros, integraciones con proveedores y dependencias de código abierto para la cadena de suministro y el riesgo de seguridad. Apoya las actividades de respuesta a incidentes y contribuye al análisis postincidente con un enfoque en la causa raíz de la capa de aplicación. Escriba y mantenga documentación, libretas ejecutivas y registros de decisiones arquitectónicas (ADRs) para herramientas AppSec, estándares de codificación y libros de corrección. QUALIFICACIONES 3 a 5 años de experiencia en seguridad de aplicaciones, pruebas de penetración o desarrollo de software seguro. Conocimiento sólido de OWASP Top 10, CWE, y vulnerabilidades comunes web y API. Experiencia práctica con al menos dos de los siguientes: clases SAVE, DAST, SCA o IASTure en entornos reales CI/CD. Proficiencia en uno o más lenguajes de programación (PHP, GoTYPE / OSH, Área de Java), conocimientos técnicos y habilidad para desarrollar tareas de automatización de trabajo y gestión de datos, incluyendo una excelente comprensión del proceso de búsqueda de acceso a nuestros sistemas informáticos, programas de comunicación, etc. Familiarización con la seguridad nativa en la nube (AWS, GCP o Azure) y protección de carga de trabajo nativa en la Nube. Contribuciones previas a herramientas de seguridad de código abierto. ¿Está interesado en escuchar más? fácil Aplicar ahora haciendo clic en el botón "Aplicar rápido"? Jobot es un Empleador de Igualdad de Oportunidades. Proporcionamos un entorno laboral inclusivo que celebra la diversidad y todos los candidatos calificados reciben consideración por empleo sin importar raza, color, sexo, orientación sexual, identidad de género, religión, origen nacional, edad (40 años o mayores), discapacidad, estatus militar, información genética u cualquier otra base protegida por las leyes federales, estatales o locales aplicables. La información recopilada y procesada como parte de su perfil de candidato Jobot, así como cualquier solicitud de empleo, currículum u otra información que usted elija enviar están sujetas a la Política de privacidad de Jobot.