[Remote] Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. Bright Vision Technologies is a forward-thinking software development company dedicated to building innovative solutions that help businesses automate and optimize their operations. They are looking for a skilled Application Security Engineer to embed security throughout the software development lifecycle, partnering with engineering teams to design secure systems and identify vulnerabilities. The role involves hands-on security work and collaboration to help teams build secure software efficiently.

Responsibilities

• Conduct threat modeling and security architecture reviews for new and existing applications and services
• Perform manual code reviews, secure design consultations, and pair with engineering teams on hardening critical components
• Operate and tune SAST, DAST, IAST, SCA, and secret-scanning tools across CI/CD pipelines
• Drive vulnerability management workflows including triage, prioritization, owner assignment, and SLA tracking
• Build paved-road libraries and frameworks that make secure patterns the default for engineering teams
• Lead red-team and purple-team exercises against internal applications and drive remediation of identified weaknesses
• Implement and operate runtime protections including WAF, RASP, bot protection, and abuse-detection mechanisms
• Design and enforce secure authentication, authorization, session management, and cryptographic patterns
• Partner with infrastructure and platform teams to harden container, Kubernetes, and cloud environments
• Develop and deliver application security training, lunch-and-learns, and onboarding content for engineering staff
• Respond to security incidents involving application vulnerabilities or active exploitation
• Track and apply emerging threats and CVEs that may affect the application portfolio
• Maintain comprehensive, current technical documentation — including architecture diagrams, design decisions, configuration references, runbooks, and operational procedures — so that the system remains supportable, auditable, and easy to onboard new engineers onto over time
• Stay current with application security research and emerging defensive tooling

Skills

• Bachelor's degree in Computer Science, Cybersecurity, or a related field
• Five or more years of application security or security engineering experience
• Strong understanding of OWASP Top 10, common vulnerability classes, and modern exploit patterns
• Hands-on experience performing code review across at least two major languages
• Deep familiarity with SAST, DAST, SCA, and CI/CD-integrated security tooling
• Strong understanding of authentication, authorization, and cryptographic primitives
• Experience with cloud security and modern infrastructure controls
• Strong communication skills with technical and non-technical audiences
• Proficiency in at least one programming language for tooling and automation
• Experience working closely with engineering teams in an Agile environment
• Industry certifications such as OSCP, OSCE, GWAPT, or CISSP
• Experience with offensive security tooling and red-team operations
• Bug bounty experience, public CVEs, or open-source security contributions
• Familiarity with AI/LLM application security considerations
• Exposure to regulated industries with strict compliance requirements

Benefits

• Competitive base salary commensurate with experience, plus benefits.
• Full-time, direct W2 with Bright Vision Technologies (no C2C, no 1099, no third-party).
• We will support H1B transfers for qualified candidates.

Company Overview