Associate Application Security Engineer

North American
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
$ 125K

Job location

Remote

Tech stack

HTML
JavaScript
API
Amazon Web Services (AWS)
Data analysis
Software System Penetration Testing
Azure
Bash
Cloud Computing
Cloud Computing Security
CompTIA Security+
Computer Security
Cross-Origin Resource Sharing (Ajax Programming)
DevOps
DNS
Python
Kali Linux
Log Analysis
Network Protocols
NMap
Open Web Application Security
Powershell
Security Information and Event Management
TCP/IP
Software Vulnerability Management
Web Applications
Web Application Frameworks
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Grafana
Software Security
GIT
Kubernetes
Information Technology
Metasploit
Web Technologies
Terraform
Burpsuite
Docker
Vulnerability Analysis

Job description

Join our security team as an Associate Application Security Engineer and play a hands-on role in defending cloud infrastructure, networks, and modern web applications using enterprise-level tools. In this role, you will develop your expertise in vulnerability assessment and threat research while collaborating closely with engineering teams to drive timely and effective remediation. You'll leverage automation, scripting, and data analysis to scale security testing, reduce risk, and continuously monitor critical assets.

This is an excellent opportunity for an early-career security professional looking to grow their skills in a fast-paced, collaborative environment.

What you'll do:

  • Application protection and defense, recommend configuration changes, adjustments and enhancements for web application protection controls and monitor for and report on abnormal events.
  • Coordinate with application and infrastructure teams to ensure effective protections and responses.
  • Conduct application assessments and security tests together with the testing team. Maintain, add, enhance, and expand the scope of application assessments and penetration tests.
  • Use augmented instruments and tools for application assessments and evaluations.
  • Document, triage and track vulnerabilities and exposures as well as assisting and advising on remediation.
  • Identify and track risks and exposures, create leads for assessments
  • Document and maintain operational processes and procedures.

Requirements

Do you have a Bachelor's degree?, * Bachelor of Science in Cybersecurity, Computer Science, or an allied technical discipline, complemented by equivalent professional expertise.

  • Experience with web vulnerabilities, web attack paths, and web vulnerability remediation in modern web frameworks
  • Experience with cloud platforms (AWS, Azure, GCP) and their native security tools
  • Experience with security testing tools such as BurpSuite, nmap, Metasploit, and security testing distributions such as Kali Linux
  • Experience with data analysis and SIEM tools (e.g., Grafana, Opensearch, CS NextGen SIEM) for log analysis and monitoring
  • Strong networking fundamentals and familiarity with network protocols (HTTP/HTTPS, TCP/IP, DNS) and web technologies (HTML, JavaScript, APIs)
  • Basic scripting knowledge using Python, Bash, and PowerShell
  • Comfortable using terminals, scripting, and automation for WAF automation use-cases
  • Ability to translate complex technical vulnerabilities, threat impact, and remediation urgency into actionable, risk-prioritized reports for both technical and non-technical stakeholders

How to stand out (preferred):

  • Relevant industry certifications and qualifications (e.g., CompTIA Security+, CEH, OSCP, or equivalent) are a plus
  • Experience executing penetration testing aligned with OWASP Top 10 standards and modern browser security baselines
  • Experience partnering with engineering teams on vulnerability remediation, including CSP rules, secure CORS origins, and HSTS enforcement
  • Experience developing novel testing methodologies to bypass or harden application-layer defenses
  • Familiarity with DevOps tools (e.g., Docker, Kubernetes, Terraform, git) and CI/CD pipelines
  • Ability to refine automated security tools to reduce false positives and ensure continuous monitoring of critical web assets
  • Experience conducting security research and threat intelligence to advance organizational defenses
  • Knowledge of hardened security configurations including CSP rules, secure CORS origins, and strict HSTS enforcement

About the company

North, and our family of companies, are committed to helping entrepreneurs grow their businesses. As an end-to-end payment solutions company, we provide everything business owners need to get paid, whether they serve customers in a physical storefront, online, or both. We pride ourselves on being large enough to offer customized solutions to our enterprise-level clients while remaining agile enough to take an award-winning, hands-on approach to personal service that our merchants won't find anywhere else. Let's go North, together! Our most important resource is our people. Join our diverse team of innovators and do-ers and make your mark on the future of payments technology. We're proud to offer benefits that help our team members further their overall well-being through unique initiatives that are both personally and professionally fulfilling. At North, we celebrate diversity and create an inclusive environment for everyone. We are an equal opportunity employer. To learn more about North, and our family of companies, visit our website: north.com   You must create an Indeed account before continuing to the company website to apply

Apply for this position