Application Security Engineer – Sunnyvale, CA/Austin, Tx

Ztek Consulting
  • Construction
  • FullTime

Job Description

Specialized expertise in application security testing, secure architecture, and vulnerability management across a variety of enterprise environments.

Key Responsibilities

  • Perform manual web application and mobile penetration testing.
  • Identify, validate, and prioritize vulnerabilities, delivering actionable remediation and migration recommendations.
  • Conduct code-assisted reviews, architecture assessments, and threat modeling exercises.
  • Research emerging vulnerabilities, exploit techniques, and security technologies to proactively improve defenses.
  • Develop and deliver clear, comprehensive reports and presentations for technical and non-technical audiences.
  • Assess and secure applications and services that incorporate AI/ML models or LLM-based functionality.
  • Evaluate AI system components (data ingestion, model APIs, inference endpoints) for security and privacy risks.

Required Qualifications

  • 5+ years of experience as an Application Security Engineer, Principal Security Consultant, or Senior Penetration Tester in an enterprise environment.

  • Proven experience manually testing web applications and performing enterprise-level penetration testing.
  • Strong understanding of Web and Mobile application security testing, methodologies, and common vulnerabilities.
  • Proficiency in at least one scripting language (Python, Perl, Ruby, PHP) and one programming language (Java, Objective-C).
  • Proficiency with Mac OS X and/or UNIX/Linux systems.
  • General understanding of secure network architecture and design, including segmentation, ACLs, and secure communication protocols.
  • General knowledge of common web technology stacks (LAMP, LEMP, MEAN, etc.) and their associated security considerations.
  • General understanding of AWS services (EC2, S3, KMS, RDS) and security best practices relevant to those services.
  • Ability to explain basic networking concepts (routing, load balancing, SSL/TLS, TCP/IP) to support secure application architecture reviews.
  • Ability to ascertain and clearly articulate the size and scope of security assessments and penetration testing engagements.
  • Solid understanding of the OWASP Top 10 and CWE Top 25 vulnerabilities (e.g., XXE, XSS, SQLi, SSRF).
  • Strong communication skills, both written and verbal, with the ability to convey complex technical issues to diverse audiences.
  • Demonstrated passion for continuous learning, vulnerability research, and staying ahead of evolving threat landscapes.