Application Security Engineer

Posted 46 days ago
$80.2k–117.1k / year
Remote
Full-Time - Exempt

Your Impact

The Application Security Engineer is responsible for embedding security throughout the software development lifecycle (SDLC), leading application security testing, and driving vulnerability remediation efforts.

About CivicPlus

At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

What You’ll Do

As an AppSec Engineer, you will:

  • Perform security code reviews, threat modeling, and architecture reviews across all development projects as part of the secure Software Development Lifecycle (SDLC).
  • Collaborate with development teams to integrate secure design, secure coding standards, and security controls across the SDLC.
  • Identify, track, and validate vulnerabilities and security defects from security testing and scanning, collaborating with development teams to inform and prioritize remediation within compliance timeline requirements.
  • Coordinate external, independent penetration testing of production environments.
  • Lead application security testing, including static, dynamic, and interactive application security testing (SAST, DAST, IAST).
  • Serve as a subject matter expert on application security vulnerabilities (such as the OWASP Top 10) and emerging threats.
  • Partner closely with organizational functions and key stakeholders to provide guidance, tooling, and training to development teams and ensure secure design principles are applied, risks are mitigated, and applications are resilient against modern threats.

What We’re Looking For

We know that excellent candidates come from diverse backgrounds. Even if you don’t meet 100% of the listed requirements, we encourage you to apply!

Preferred Qualifications

Experience
  • 3–7 years of experience in application security, secure development, penetration testing, or a related field
  • Working experience in application testing or security testing tooling (including SAST, DAST, and/or IAST)
  • Working experience integrating secure design principles into change management, code review, CI/CD pipelines, and supporting secure development operations.
Certifications
  • Security+, GSEC, GSSP or equivalent
  • Bachelor’s
CivicPlus, LLC