As an Application Security Engineer, you will conduct security testing on applications, assess vulnerabilities, and promote secure coding practices while collaborating with various teams.
As an Application Security Engineer, you will perform application security testing on web applications, mobile applications, microservices, infrastructure code, and open source code in order to expose weaknesses in their design and/or configuration that make them susceptible to exploitation.
You will work closely with development teams, product managers, and other members of the information security team to assess risks, conduct security reviews, and recommend steps for the remediation of identified vulnerabilities. You will educate development engineers on secure coding practices and contribute to overall application security awareness.
What You Will Work On
- Collaborate with internal teams to define the scope of application security testing activities, including the number and types of applications to be tested, and the testing methodology.
- Plan and carry out application security testing in all phases of the software development life cycle to identify vulnerabilities in application code and weaknesses in secure coding practices.
- Use test results to create reports that detail discovered security issues, assess risk levels, and provide actionable recommendations.
- Assess discovered vulnerabilities and recommend solutions to reduce risk and mitigate security impacts to the application environment.
- Communicate findings, risks, conclusions, and recommendations to stakeholders.
- Consider the impact your testing will have on the business and its users.
- Clearly articulate and convey the potential business or operational impact of unaddressed security vulnerabilities.
Who We Are Looking For
- 3-5 years of proven experience in application security testing, including Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Open Source Security (OSS) testing, Software Composition Analysis (SCA)
- Bachelor’s Degree, ideally in a technically related field (Computer Science, Information Technology, Software Engineering), or equivalent work experience
- Relevant certifications: EC-Council Certified Application Security Engineer (C|ASE), GIAC Certified Web Application Defender (GWEB), (ISC)2 Certified Secure Software Lifecycle Professional (CSSLP)
- Experience testing web applications for OWASP Top Ten security vulnerabilities
- A thorough understanding of the Software Development Life Cycle (SDLC)
- Experience in promoting and implementing secure coding practices, and providing training and education to development teams on secure development practices
- Strong verbal and written communication skills with the ability to clearly articulate technical concepts to both technical and non-technical audiences
- Attention to detail, to plan and execute tests that meet all requirements
- Ability to prioritize tasks and manage time effectively to meet deadlines
- Ethical integrity to be trusted with a high level of confidential information
- Ability to collaborate with team members and share knowledge
- Exceptional analytical and problem-solving skills and the persistence to apply different techniques to get the job done
- Ability to understand the business implications of identified weaknesses
- Commitment to continuously update your technical knowledge base
What You Can Expect
- Competitive compensation and immediate contribution!
- Inclusive benefits package offerings 401k plans and customizable benefits including dental, vision, medical, etc. for you and your dependents.
- An innovative culture that understands the importance of quality of work over quantity.
- Company-supported and employee-driven ambassador groups that promote diversity, working on a hybrid schedule and philanthropy.
- Learning and development programs to help advance your career and personal growth.
What We Value
- Wherever it leads, Whatever it takes! We believe in making the impossible possible!
- Thrive personally, grow professionally―be happy!
- Innovate, learn, lead- Knowledge and growth is never ending!
- We believe in hiring nice people because anything is possible when you have the team's support.
- Improving the lives around us- A smile could change the entire world.
- Be the most trusted, respected, and loved real estate valuation company in the world.
About Us
Clear Capital is a national real estate valuation technology company with a simple purpose: build confidence in real estate decisions to strengthen communities and improve lives. Our goal is to provide customers with a complete understanding of every U.S. property through our field valuation services and analytics tools, and improve their workflows with our platform technologies. Our commitment to excellence — wherever it leads, whatever it takes® — is embodied by team members.
Clear Capital is an equal opportunity employer.
To all recruitment agencies: Clear Capital does not accept agency resumes. Please do not forward resumes to our jobs alias, Clear Capital employees, or any other company location. Clear Capital is not responsible for any fees related to unsolicited resumes.
Top Skills
Dast
Oss Testing
Sast
Sca
Similar Jobs
Artificial Intelligence • Computer Vision • HR Tech • Machine Learning • Software
The Application Security Engineer will enhance security processes, conduct assessments, automate vulnerability detection, lead SDLC practices, and train on secure development practices.
Top Skills:
Automation ToolsCi/Cd PipelineNist GuidelinesOwaspStatic And Dynamic Application Security Tools
Fintech • Financial Services
The Application Security Engineer validates applications against security standards, conducts vulnerability testing, collaborates with developers, and trains them on secure coding practices.
Top Skills:
Dynamic Code AnalysisPenetration TestingStatic Code AnalysisVulnerability Testing
Cloud • Security • Software • Cybersecurity • Automation
The role involves conducting security reviews, proposing secure practices, securing software supply chain, and improving security workflows.
Top Skills:
BrakemanBurpsuiteGoOwaspRuby On RailsShell Scripting
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
