Application security test Engineer
Job role overview
Date posted
May 7, 2026
Hiring location
Seattle
Description
Role: Application security testing Engineer
Experience: 8 to 10 years
Location: Seattle, WA
Job Type: Full Time
Salary Range: $95,000-$130,000 a year
Roles & Responsibilities
We are seeking a hands-on Application Security Engineer with strong experience in security testing, vulnerability assessment, and ethical (white-hat) security practices. The ideal candidate is proactive, has excellent problem-solving skills, and can identify, analyze, and remediate security risks across enterprise web and API-based applications. Banking or financial services experience is strongly preferred, along with a solid understanding of authentication and authorization flows.
Key Responsibilities
- Perform application security testing including SAST, DAST, and IAST for web and API-based applications.
- Conduct vulnerability assessments and penetration testing using ethical/white-hat techniques.
- Analyze findings, determine risk severity, and provide clear remediation guidance to engineering teams.
- Validate fixes through re-testing and ensure vulnerabilities are fully mitigated.
- Collaborate with development, DevOps, and architecture teams to embed security-by-design practices.
- Support secure code reviews, threat modeling, and architecture risk assessments.
- Assist with incident analysis, root-cause investigations, and continuous security improvements.
- Stay current with emerging threats, OWASP Top 10, and evolving attack vectors.
Must-Have Skills
- Strong experience in application security testing and vulnerability management.
- Hands-on expertise with ethical (white-hat) security testing techniques.
- Deep understanding of common vulnerabilities (OWASP Top 10).
- Experience performing both automated and manual security testing.
- Excellent analytical, problem-solving, and critical thinking skills.
- Ability to proactively identify risks and take end-to-end ownership of findings.
- Strong communication skills to explain security risks to technical and non-technical audiences.
Preferred / Highly Desirable Skills
- Banking or Financial Services domain experience with exposure to regulatory security requirements.
- Strong understanding of authentication and authorization flows (OAuth 2.0, OpenID Connect, SAML, JWT).
- Experience securing API-driven and microservices-based architectures.
- Familiarity with IAM concepts, RBAC/ABAC, and secure session management.
- Exposure to cloud security (AWS and/or Azure), including IAM and secrets management.
- Experience integrating security testing into CI/CD pipelines (DevSecOps).
Security Tools & Technologies
- SAST / DAST tools (e.g., Checkmarx, Fortify, Veracode, Burp Suite, OWASP ZAP).
- Vulnerability scanning and tracking tools.
- Secure code review and API security testing tools.
- Logging and monitoring platforms (e.g., Splunk) for security analysis.
Certifications (Nice-to-Have)
- CEH, GWAPT, OSCP, CISSP, CSSLP or equivalent security certifications.
Soft Skills / Expectations
- Strong ownership mindset with a proactive security-first approach.
- Ability to collaborate effectively across distributed teams.
- Comfortable working in fast-paced, high-risk environments.
- Passion for continuous learning and staying ahead of security threats.
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.