Senior Application Security Engineer

CertiPath, Inc.
Reston, United States of America
1 month ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Reston, United States of America

Tech stack

Artificial Intelligence
Software System Penetration Testing
Automation of Tests
Burp Suite
Cloud Computing
Cloud Computing Security
Information Leak Prevention
Linux
Emulators
Python
Kali Linux
Open Web Application Security
Web Application Security
Large Language Models
Software Security
Kubernetes

Job description

This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization.

This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support.

This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level., * Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.

  • Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
  • Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
  • Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
  • Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
  • Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
  • Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
  • Support go-to-market efforts for highly regulated environments.

Requirements

Do you have experience in Web Application Security Testing?, * U.S. citizenship and the ability to obtain a government clearance.

  • 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
  • Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
  • Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
  • Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
  • Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
  • Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
  • Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
  • Proven ability to define and drive high-level application security strategy and plans.
  • Excellent communication skills for reporting findings and influencing outcomes.

We're extra impressed by folks who have:

  • Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
  • Prior experience testing in government or regulated environments

Benefits & conditions

Pulled from the full job description

  • 401(k)
  • Health insurance
  • 401(k) matching
  • Vision insurance
  • Health savings account
  • Dental insurance
  • Unlimited paid time off

Apply for this position