Stefanini North America and APAC
Application Security Engineer
Stefanini North America and APAC, Atlanta, Georgia, United States, 30383
Overview
As a key member of our Internal Product Security Engineering team, you will lead penetration-testing engagements for high-scale web applications and APIs, validating security controls and uncovering exploitable weaknesses. In parallel, you will conduct structured threat-modeling workshops and security-design reviews for new features and services, managing each engagement from scoping to remediation follow-up in close partnership with engineering and cross-functional stakeholders. The insights you provide will drive prompt fixes and shape the organization's long-term security roadmap.
Responsibilities
Penetration Testing
Plan, execute, and document manual and tool-assisted tests for enterprise-scale web apps and REST/GraphQL/gRPC APIs. Demonstrate exploitation paths (auth / logic / data exposure) and develop proofs-of-concept. Retest remediations and deliver clear, prioritized reports.
Threat Modeling & Security Design Review
Facilitate formal and informal Threat Modeling using STRIDE-like frameworks or Attack-Tree sessions for new or significantly modified services. Produce risk artefacts, recommend mitigations, and track closure of findings.
Security Engineering & Advocacy
Champion secure-by-default patterns (least privilege, IaC hardening, SDL best practices) across the SDLC. Contribute to internal security tooling and CI/CD guardrails.
Requirements
Bachelor's degree in Computer Science, Engineering, or equivalent practical experience. 4+ years in product or application security engineering with hands-on web/API penetration-testing work. Expertise with a leading pentest platform (Burp Suite Pro, OWASP ZAP, Nuclei, etc.). Scripting/automation ability in Python, Go, or similar; quick at reading unfamiliar codebases. Practical experience with STRIDE or comparable threat-model frameworks. Familiarity with cloud-native environments (microservices, Kubernetes, serverless). Communication: exceptional written and verbal skills for both technical and non-technical audiences.
Preferred Qualifications
Offensive-security certifications (OSCP, OSWE, OSWA, BSCP). Secure-coding experience in languages such as Java, Node.js, C#, Python, or Rust. Experience in security controls for cloud platforms such as AWS, Azure, or Google Cloud. Open-source contributions, bug-bounty recognitions, or CTF placements. Exposure to mobile or desktop application security. Knowledge of or interest in AI security controls and testing.
Personal Attributes
Maintains professionalism under pressure. Self-driven and proactive. Thrives on complex challenges.
Seniority level: Mid-Senior level
Employment type: Contract
Job function: Information Technology
Industries: IT Services and IT Consulting, Investment Banking, and Financial Services