Skip to content
ZocdocZocdocUnited States

Application Security Engineer

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k
RemoteSecurity Engineering

About the role

Your day to day is...

  • Serving as an accessible point of contact for engineering squads, helping teams understand and follow secure development lifecycle guidelines.
  • Assisting developers in reviewing and interpreting alerts from static analysis and software composition analysis tools, including helping distinguish true vulnerabilities from false positives.
  • Providing clear, actionable guidance on remediating common application security vulnerabilities, including issues aligned to the OWASP Top 10.
  • Helping maintain internal security documentation, developer playbooks, and secure coding training materials so that compliance expectations are clear and achievable.
  • Supporting application security governance by tracking key security milestones and organizing technical evidence from repositories and deployment pipelines for compliance audits.
  • Monitoring application security metrics, including vulnerability patch timelines and policy exceptions, to support regular leadership reporting.
  • Working with cutting-edge GenAI tools and technology while supporting AI governance frameworks and helping ensure AI-enabled workflows align with privacy and security guardrails.

You’ll be successful in this role if you have…

  • Meaningful experience in an information security role, software engineering position, or IT audit function with an application security focus.
  • A foundational understanding of software development processes and how security fits into agile environments.
  • Familiarity with code review concepts and comfort reading at least one major language used in cloud environments, such as Python, JavaScript, Go, or Java.
  • Basic exposure to cloud environments such as AWS, GCP, or Azure, along with an understanding of Git workflows.
  • A conceptual understanding of vulnerability categories and web application security standards.
  • An interest in emerging technology trends, especially AI security risks and automated workflows.
  • Required: the ability to integrate generative AI tools into daily workflows to automate tasks, foster innovation, and maximize productivity.
  • A degree in Computer Science, Cybersecurity, or a related technical field is preferred, though equivalent hands-on experience or certifications such as Security+, GSEC, or CEH are also highly valued.
  • Superb communication skills, humility, and a collaborative approach to supporting stakeholders across engineering and security.

Benefits

  • Flexible work environment
  • Unlimited Vacation
  • 100% paid employee health benefit options (including medical, dental, and vision)
  • 401(k) with employer funded match
  • Corporate wellness program with Wellhub
  • Sabbatical leave (for employees with 5+ years of service)
  • Competitive paid parental leave and fertility/family planning reimbursement
  • Cell phone reimbursement
  • Employee Resource Groups and ZocClubs to promote shared community and belonging
  • Great Place to Work Certified

Zocdoc is committed to fair and equitable compensation practices. Salary ranges are determined through alignment with market data. Base salary offered is determined by a number of factors including the candidate’s experience, qualifications, and skills. Certain positions are also eligible for variable pay and/or equity.

Skills

Application SecuritySecure SdlcStatic AnalysisScaOwasp Top 10PythonJavaScriptGoJavaAWSGCPAzureGitGenerative AISecurity+
Trail of Bits

Security Engineer, Application Security

Trail of BitsUnited States

Conduct low-level code security assessments, architecture reviews, and threat modeling for client applications. Build custom security tools bridging vulnerability research and application security. Requires manual code review, binary analysis, and programming proficiency in multiple languages.

100k – 200k
Remote5+ YOESecurity Engineering
BlackCloak

Security Engineer (Security Operations, Zero Trust)

BlackCloakUnited States

Security Engineer focused on security operations, incident response, and Zero Trust implementation. Designs, deploys, and supports security tools like SIEM, EDR, and Cloudflare; triages alerts, automates responses, and collaborates on cloud/IAM security. Requires 3-5 years experience in cloud-native security engineering.

100k – 140k
Remote3+ YOESecurity Engineering
Harvey

Compliance Analyst

HarveySan Francisco, CA

This Compliance Analyst role at Harvey involves owning and maintaining compliance documentation, coordinating evidence collection, and supporting third-party assessments. The role requires hands-on compliance work, close collaboration with Engineering and Security teams, and a detail-oriented approach to ensure program health and continuous monitoring.

99k – 149k
Hybrid3+ YOESecurity Engineering
Metropolis

Security Engineer II

MetropolisLos Angeles, CA

Security Engineer II responsible for monitoring security alerts, responding to incidents, administering enterprise security tools, and supporting cloud and identity security initiatives. Requires 3+ years in cybersecurity or related fields with strong scripting and troubleshooting skills.

105k – 150k
On-site3+ YOESecurity Engineering
Astra

GRC Program Manager

AstraUnited States

Owns end-to-end execution of GRC programs including SOC 1/2, PCI DSS, and ISO 27001 audits, control design, risk assessments, and vendor management. Partners with engineering to implement technical controls and documentation for scalable compliance in fintech.

95k – 135k
Remote3+ YOESecurity Engineering