Application Security Engineer at EdgeConneX

Herndon, Virginia, United States -

Full Time

Start Date

Immediate

Expiry Date

07 Jul, 26

Salary

0.0

Posted On

08 Apr, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Application security, Secure coding, Penetration testing, SAST, DAST, SCA, IAST, Threat modeling, DevSecOps, Cloud security, OWASP Top 10, API security, CI/CD integration, Burp Suite, Vulnerability management, Incident response

Industry

Telecommunications

Description

Led by an experienced management team and supported by a strong investor group, including large and experienced institutions and strategic partners, EdgeConneX offers a dynamic, fast-paced work environment where we are bringing flexibility, proximity, power, and connectivity to some of the world’s key businesses. With major offices in Herndon, Denver, and Amsterdam, we have a global footprint and a unified team of employees committed to providing a premier customer experience and delivering the full spectrum of data center solutions, from core to edge, like no other data center provider can do. Focused on driving innovation and helping our customers define and deliver their own unique vision for the Edge, at any scale, in any market worldwide, for any requirement, we are building tomorrow’s data center infrastructure, today for some of the world’s most demanding Network, Content, and Cloud customers. Application Security Engineer EdgeConneX is seeking a skilled and experienced Application Security Engineer to join our team. The ideal candidate will have at least five years of hands-on experience in application security, a bachelor’s degree or higher in Computer Science or a related field, strong knowledge of secure coding practices and relevant professional certifications. You will be responsible for ensuring the security of our software applications throughout the development life cycle, working closely with developers, architects, and IT teams to identify, remediate, and prevent security vulnerabilities. This position reports to our Global Head of Cybersecurity and is based in Herndon, VA and provides flexibility for a hybrid onsite work schedule. There is a limited amount of travel needed for this position, but the flexibility to do so would be ideal. Primary Responsibilities Conduct security assessments, code reviews, and penetration testing of web and mobile applications. Integrate security into all phases of the SDLC, from design through deployment. Perform application threat modeling, secure design reviews, and code reviews. Implement and manage application security testing tools (SAST, DAST, SCA, IAST). Collaborate with software development teams to integrate security best practices into the SDLC. Identify, analyze, and remediate vulnerabilities using industry-standard tools and methodologies. Develop and maintain security policies, standards, and guidelines for application development. Monitor emerging threats, vulnerabilities, and security technologies to ensure proactive protection. Provide guidance and training to developers on secure coding practices. Participate in incident response activities related to application-level threats. Prepare detailed security reports and documentation for stakeholders and compliance purposes. Support compliance and audit requirements related to application security. Perform Research & Development for AI Prompt Injection Attacks, Payloads for IoT devices (byte code may be required). Required Education & Experience Bachelor’s Degree or higher in Computer Science, Information Security, or a related discipline 5+ years of professional experience in application security engineering in addition to educational background and internships Strong knowledge of: AI, web and mobile application architectures and common vulnerabilities (e.g., OWASP Top 10). Web application and API security Authentication, authorization, and session management Encryption and secure data handling Experience with: Application security testing tools (SAST, DAST, SCA, IAST) CI/CD pipeline integration and DevSecOps practices Cloud-native application security (AWS, Azure, or GCP) Hands-on experience with security tools such as Burp Suite, OWASP ZAP, SAST/DAST scanners, and similar. Familiarity with secure coding practices in languages such as Java, C#, Python, or JavaScript. Professional security certifications such as CSSLP, CISSP, CEH, GWAPT, OSCP, Cloud security certifications (AWS / Azure Security) or equivalent. Excellent analytical, problem-solving, and communication skills. Ability to work collaboratively in a team environment and manage multiple projects simultaneously and proactive approach to improving security Strong documentation and reporting skills Experience that will make a candidate stand out Master’s Degree in a relevant IT field Direct experience with cloud security and establishing DevSecOps practices Knowledge of compliance frameworks such as PCI DSS, GDPR, or HIPAA Experience with containers and Kubernetes security Knowledge of Zero Trust and secure API gateways Experience with bug bounty programs or red team collaboration Contributions to open-source security projects or published research Extensive penetration testing experience EdgeConneX believes inclusion – of thought, backgrounds and experiences – affects all that we do, from our employees to the solutions we deliver. Our goal is to create an environment where embracing differences helps deepen the lives and work experience of our employees, enhances our innovation and creativity, and enriches our involvement in our communities. EdgeConneX is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin or ancestry, physical or mental disability, as well as any other category protected by applicable federal, state, or local laws. EdgeConneX offers a competitive benefits package. For more information on how we process your data, visit our Data Privacy Policy here.

Responsibilities

The Application Security Engineer will conduct security assessments, code reviews, and penetration testing to identify and remediate vulnerabilities. They will also integrate security best practices into the SDLC and collaborate with development teams to ensure secure software delivery.