Application Security Engineer
About Andesite:
After decades defending the nation's most sensitive networks, we founded Andesite with a clear mission: to build security products that transform how humans and AI collaborate to defend against increasingly sophisticated cyber threats.
We’re a diverse team of cyber and security experts, passionate technologists, and experienced product builders. We come from some of the largest national security, tech, cybersecurity, and data organizations on the planet.
We've raised more than $38 million from investors like General Catalyst and Red Cell Partners.
The future of cybersecurity isn't about better technology alone—it's about reimagining how humans and machines work together. Come build with us.
The Role:
Andesite is seeking an Application Security Engineer to help secure our software applications from design to deployment. You’ll partner closely with developers, DevOps, and product teams to identify and mitigate vulnerabilities, perform threat modeling, review source code, and embed mature security practices across the software development lifecycle. This role is ideal for someone with strong technical skills who’s enthusiastic to mature application-layer defenses in a dynamic fast-moving environment.
What You’ll Do:
Conduct manual and automated application security testing (e.g. web, API)
Lead threat modeling sessions and collaborate on secure design reviews
Perform code reviews and provide secure coding guidance to engineering teams
Partner with development teams to triage and remediate vulnerabilities
Collaborate with DevOps and cloud engineering teams on secure infrastructure-as-code
What You Have:
4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
Bachelor's in Computer Science, Cyber Security, Software Engineering, or related field.
Strong understanding of OWASP Top 10 and common web/app/API vulnerabilities.
Experience with SAST/DAST/SCA toolsets (e.g. Veracode, Burp Suite, Checkmarx, Snyk).
Proficiency in languages like Python and JavaScript, including their secure coding practices.
Hands-on experience with CI/CD environments (e.g. GitHub Actions, Jenkins, GitLab).
Experience with threat modeling frameworks (e.g. STRIDE).
Familiarity with compliance frameworks (e.g. PCI DSS, NIST 800-53, SOC 2, ISO 27001).
Even Better If You Have:
Relevant certifications (e.g. OSCP, GWAPT, CSSLP, CASE).
Experience with cloud platforms (e.g. AWS, Azure, GCP) and their security features.
Exposure with securing containerized applications (e.g. Docker, Kubernetes).
Knowledge to perform penetration testing against AI models.
What We Offer:
Top-of-market competitive salary, bonus, and equity package
100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
Unlimited PTO, with your manager’s approval
Flexible work environment where you manage your work day
A remote-first environment, with occasional travel to collaborate with customers, your team, and teammates from across the company in person
Home office reimbursement
14 weeks of fully-paid parental leave
Salary range: $120,000-$140,000. This represents the typical salary range for this position based on experience, skills, and other factors.
Andesite is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.
We encourage candidates from all backgrounds to apply, even if you don't feel like you're a perfect fit. If you're passionate about contributing to our mission, we'd love to hear from you!
About the job
Apply for this position
Application Security Engineer
About Andesite:
After decades defending the nation's most sensitive networks, we founded Andesite with a clear mission: to build security products that transform how humans and AI collaborate to defend against increasingly sophisticated cyber threats.
We’re a diverse team of cyber and security experts, passionate technologists, and experienced product builders. We come from some of the largest national security, tech, cybersecurity, and data organizations on the planet.
We've raised more than $38 million from investors like General Catalyst and Red Cell Partners.
The future of cybersecurity isn't about better technology alone—it's about reimagining how humans and machines work together. Come build with us.
The Role:
Andesite is seeking an Application Security Engineer to help secure our software applications from design to deployment. You’ll partner closely with developers, DevOps, and product teams to identify and mitigate vulnerabilities, perform threat modeling, review source code, and embed mature security practices across the software development lifecycle. This role is ideal for someone with strong technical skills who’s enthusiastic to mature application-layer defenses in a dynamic fast-moving environment.
What You’ll Do:
Conduct manual and automated application security testing (e.g. web, API)
Lead threat modeling sessions and collaborate on secure design reviews
Perform code reviews and provide secure coding guidance to engineering teams
Partner with development teams to triage and remediate vulnerabilities
Collaborate with DevOps and cloud engineering teams on secure infrastructure-as-code
What You Have:
4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
Bachelor's in Computer Science, Cyber Security, Software Engineering, or related field.
Strong understanding of OWASP Top 10 and common web/app/API vulnerabilities.
Experience with SAST/DAST/SCA toolsets (e.g. Veracode, Burp Suite, Checkmarx, Snyk).
Proficiency in languages like Python and JavaScript, including their secure coding practices.
Hands-on experience with CI/CD environments (e.g. GitHub Actions, Jenkins, GitLab).
Experience with threat modeling frameworks (e.g. STRIDE).
Familiarity with compliance frameworks (e.g. PCI DSS, NIST 800-53, SOC 2, ISO 27001).
Even Better If You Have:
Relevant certifications (e.g. OSCP, GWAPT, CSSLP, CASE).
Experience with cloud platforms (e.g. AWS, Azure, GCP) and their security features.
Exposure with securing containerized applications (e.g. Docker, Kubernetes).
Knowledge to perform penetration testing against AI models.
What We Offer:
Top-of-market competitive salary, bonus, and equity package
100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
Unlimited PTO, with your manager’s approval
Flexible work environment where you manage your work day
A remote-first environment, with occasional travel to collaborate with customers, your team, and teammates from across the company in person
Home office reimbursement
14 weeks of fully-paid parental leave
Salary range: $120,000-$140,000. This represents the typical salary range for this position based on experience, skills, and other factors.
Andesite is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status.
We encourage candidates from all backgrounds to apply, even if you don't feel like you're a perfect fit. If you're passionate about contributing to our mission, we'd love to hear from you!