# Application Security Engineer

**Company:** [Oneleet](https://hotfix.jobs/companies/oneleet)
**Location:** Remote
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** Application Security, Go, Python, TypeScript, Security Tooling, Vulnerability Research, Cve, Cwe, False Positive Reduction, Severity Scoring, Exploit Reasoning, Open Source Security
**Posted:** 2026-05-28

> Application Security Engineer building and tuning the security judgment layer for a cybersecurity platform, integrating tooling, reducing noise, and partnering with product and engineering teams.

## Job Description

## Key Responsibilities
- Own the integration, configuration, and output quality of security tooling that powers our platform
- Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich
- Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming
- Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning
- Partner with engineers on how findings are presented in the UI and how remediation flows work
- Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next
- Review and shape architectural choices that affect security outcomes
- Engage with customers directly to understand how they use the platform and what's blocking adoption
- Benchmark our output quality against competitors and close gaps where they exist
- Contribute back to the open source security tooling we depend on where it makes sense

## Qualifications
- 5+ years of application security experience, with significant time shipping security products
- Strong programming skills in at least one of Go, Python, or TypeScript
- Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models
- Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning
- Experience determining what makes a security finding actionable vs. just technically true
- Excellent communication skills and comfort working directly with customers
- Pragmatic approach to building things fast without unnecessarily complicating things
- Experience thriving in a fast-moving, start-up engineering environment

## Nice-to-Haves
- Prior experience shipping a security product at a vendor
- Contributions to open source security tooling
- Offensive security background or OSCP / similar certifications
- Hands-on experience with LLM agents, tool use, or autonomous AI systems

## Similar roles

- [Security Program Manager](https://hotfix.jobs/jobs/e7f7fcaf-1979-4194-9131-83689809fe47) - Forus - New York, NY
- [Safeguards Enforcement Analyst, Account Takeover & Credential Abuse](https://hotfix.jobs/jobs/31f5d0ec-9b31-4419-a4b1-2e826ec7a358) - Anthropic - San Francisco, CA - $245k – $285k/yr
- [Application Security Engineer](https://hotfix.jobs/jobs/d240253e-6098-4419-8f04-aaf793f42c03) - Zocdoc - Remote - $100k – $140k/yr
- [Detection & Mitigation Engineer](https://hotfix.jobs/jobs/61def9c4-f4a5-41a5-99c6-579a61033a73) - Cloudflare
- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr

**Apply:** https://hotfix.jobs/jobs/7e0684d3-9196-4a3a-b709-830cc9cf8454
**Canonical:** https://hotfix.jobs/jobs/7e0684d3-9196-4a3a-b709-830cc9cf8454