aresmgmt
aresmgmt~2h ago
New

AppSec Security Engineer

2 Locationsmid
EngineeringSecurity Engineer
1 views0 saves0 applied

Quick Summary

Key Responsibilities

Embed SAST, SCA, DAST, container/IaC scanning, and secret detection tools into pipelines for home-grown apps. Infrastructure as Code: Develop secure IaC patterns using Terraform, Helm, and Kustomize.

Technical Tools
EngineeringSecurity Engineer

Reports to: Cybersecurity Engineering Manager

Direct Reports: None

We are seeking an experienced Application Security Engineer to build, mature, and scale our AppSec program. In this role, you will embed directly with our Product and Engineering teams to secure both our third-party SaaS applications and our home-grown applications. You will serve as a trusted security consultant and a hands-on engineer. You will review complex API designs, threat model new features, and build custom security tooling. You will play a critical role in defining security development standards from scratch and automating security controls directly into our CI/CD pipelines.

We’re seeking someone who is excited to bring an automation-first mindset and who knows how to balance developer needs with risk-informed pragmatism. You will bridge security, development and operation cultures by translating between development who want speed, security teams who want safety, and operation teams who want stability.

We value diverse backgrounds, perspectives, and experiences, and we are committed to building a team where everyone feels they belong. We especially encourage candidates from underrepresented communities in cybersecurity and technology to apply. Our interview process focuses on problem-solving ability, practical skills, and collaborative mindset.

Responsibilities

~1 min read

You will help advance our automation‑first engineering strategy by designing and maintaining the foundational systems that enable secure, reliable, and scalable software delivery across the organization.

None 

  • Pipeline Integration: Embed SAST, SCA, DAST, container/IaC scanning, and secret detection tools into pipelines for home-grown apps.
  • Infrastructure as Code: Develop secure IaC patterns using Terraform, Helm, and Kustomize.
  • Build Security Tooling: Partner with engineering teams to establish and champion secure coding standards, creating reusable security patterns and libraries that make it easier for developers to build securely by default
  • AI-empowered Review Assistance: Integrate and leverage AI agents to help increase velocity for the security team and the overarching engineering org to ensure that we are proactive in minimizing risk while we build products
  • Security Design & Threat Modeling: Lead security design and threat modeling sessions based on OWASP Top 10 and Mitre & Attack with Product and Engineering teams during early software design phases
  • API Security Evaluation: Review API designs and integrations to eliminate authentication anti-patterns, token mismanagement, and injection risks.
  • Cloud & Container Security: Define and validate security controls for Azure and Kubernetes to mitigate application-layer risks.
  • Program Maturation: Define AppSec coverage, tooling, and assessment processes from scratch across our application landscape. Own and evolve our application security program including establishing and maintaining SAST/DAST scanning in CI/CD pipelines, conducting security code reviews for critical changes, and building automation that catches vulnerabilities before they reach production
  • Stakeholder Management: Partner with engineering  teams and stakeholders to remediate vulnerabilities and drive long-term improvements in secure coding practices
  • Risk Communication: Translate complex security risks into clear, actionable engineering requirements for development teams

Requirements

~2 min read
  • Proficient in SAST/SCA/DAST, container/IaC scanners, and secret scanning into pipelines
  • Hands-on with one or more CI/CD stacks (GitHub Actions, GitLab CI, Azure DevOps, Jenkins)
  • Proficient in Terraform/IaC, Kubernetes, and cloud provider security (Azure preferred)
  • Significant hands-on application security experience, , including expert knowledge of established standards (OWASP Top 10, API Security Top 10, OWASP LLM Top 10) and how common vulnerability classes manifest in production systems
  • Strong Threat modeling and security review experience with Product and Engineering teams
  • Experience building security tooling or automation (scripts, pipelines, libraries)
  • Familiarity with Azure and Kubernetes security controls as they relate to application-layer risks
  • Demonstrated experience reviewing API designs and implementations for auth anti-patterns, token mismanagement, injection risks, and sensitive data exposure
  • Experience building or maturing an AppSec program where coverage, tooling, or process needed to be defined from scratch
  • Familiarity with OIDC workload identity, artifact registries, and software supply chain controls
  • Clear communicator who can translate risk into engineering work
  • Built policy gates with OPA/Gatekeeper or Kyverno; authored custom policies.
  • Strong sense of ownership, accountability, and attention to detail.
  • Ability to manage competing priorities and deliver results in a dynamic environment while maintaining healthy work practices.
  • Proven track record of developing and maintaining structured processes that support efficiency, scalability, and rapid business growth.
  • Inclusive leadership style; ability to work effectively with collaborators who have diverse backgrounds, communication styles, and technical strengths.
  • Curiosity and a growth mindset, with the ability to adapt approaches to evolving technology landscapes.
  • Strong communication skills for bridging technical and business perspectives.
  • Role requires occasional coordination with global teams; we support flexible scheduling to accommodate individual needs.
  • The team supports different communication and work styles.
  • Bachelor’s degree, relevant technical training, or equivalent hands-on experience. We welcome candidates with nontraditional educational paths.
  • Azure Security Certification is preferred
  • Advanced certifications in cloud and AI security are a plus.

What We Offer

~2 min read

You will have the opportunity to define foundational controls for rapidly expanding cloud and AI environments, influence enterprise-wide security strategy, and collaborate with highly skilled engineering and security teams across the organization. Your work will directly safeguard the platforms that power next-generation innovation in one of the industry’s most dynamic environments.

We are committed to equitable hiring. Candidates may qualify through a combination of education, training, lived experience, or self-directed learning. If you’re excited about the role but don’t meet every listed requirement, we encourage you to apply.

The anticipated base salary range for this position is listed below. Total compensation may also include a discretionary performance-based bonus. Note, the range takes into account a broad spectrum of qualifications, including, but not limited to, years of relevant work experience, education, and other relevant qualifications specific to the role.

$240,000 - $270,000

The firm also offers robust Benefits offerings. Ares U.S. Core Benefits include Comprehensive Medical/Rx, Dental and Vision plans; 401(k) program with company match; Flexible Savings Accounts (FSA); Healthcare Savings Accounts (HSA) with company contribution; Basic and Voluntary Life Insurance; Long-Term Disability (LTD) and Short-Term Disability (STD) insurance; Employee Assistance Program (EAP), and Commuter Benefits plan for parking and transit.

Ares offers a number of additional benefits including access to a world-class medical advisory team, a mental health app that includes coaching, therapy and psychiatry, a mindfulness and wellbeing app, financial wellness benefit that includes access to a financial advisor, new parent leave, reproductive and adoption assistance, emergency backup care, matching gift program, education sponsorship program, and much more.

There is no set deadline to apply for this job opportunity. Applications will be accepted on an ongoing basis until the search is no longer active.

Location & Eligibility

Where is the job
Location terms not specified
Who can apply
Same as job location

Listing Details

First seen
July 9, 2026
Last seen
July 9, 2026

Posting Health

Days active
0
Repost count
0
Trust Level
49%
Scored at
July 9, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust
Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

A
B
C
D
Join 12,000+ marketers

No spam. Unsubscribe at any time.

aresmgmtAppSec Security Engineer