Application Security Engineer

The Application Security Engineer is responsible for embedding security throughout the software development lifecycle (SDLC), leading application security testing, and driving vulnerability remediation efforts.  

At CivicPlus, we strive to bring our company vision to life through innovation and collaboration. Supported by approachable leadership and transparent communication, we're empowered to make an impact on local government and the residents they serve. Grow your career alongside great people, where authenticity is welcome, successes are celebrated, and potential is nurtured.

As a AppSec Engineer, you will:

• →Perform security code reviews, threat modeling, and architecture reviews across all development projects as part of secure Software Development Lifecycle (SDLC).
• →Collaborate with development teams to integrate secure design, secure coding standards, and security controls across the SDLC.
• →Identify, track, and validate vulnerabilities and security defects from security testing and scanning, collaborating with development teams to inform and prioritize remediation within compliance timeline requirements.
• →Coordinate external, independent penetration testing of production environments.
• →Lead application security testing, including static, dynamic, and interactive application security testing (SAST, DAST, IAST).
• →Serve as a subject matter expert on application security vulnerabilities (such as the OWASP Top 10) and emerging threats.
• →Partner closely with organizational functions and key stakeholders to provide guidance, tooling, and training to development teams and ensure secure design principles are applied, risks are mitigated, and applications are resilient against modern threats. 

We know that excellent candidates come from diverse backgrounds. Even if you don’t meet 100% of the listed requirements, we encourage you to apply!

This role offers:

• Embed security into how software is built. Partner with engineering teams to integrate secure design and coding practices throughout the development lifecycle.
• Find and fix vulnerabilities before they become risks. Lead application security testing and guide remediation across modern SaaS and cloud-based platforms.
• Be a trusted security advisor to developers. Provide hands-on guidance, tooling, and training that help teams build resilient applications from the start.
• Strengthen the security of products used by local governments. Help ensure CivicPlus applications remain secure, reliable, and resilient against evolving threats.

• Introductory call with Talent Acquisition
• Interview with the Hiring Manager
• Panel Interview with CivicPlus team members, including an interview project activity
• Offer

Note: The process may vary slightly depending on the role. 

•  CivicPlus is currently unable to provide visa sponsorship for this position now or in the future. Applicants must be authorized to work in the US. 
• We encourage you to apply as soon as possible, as applications will be reviewed on a rolling basis, and the posting may close earlier at the discretion of the Talent Acquisition team

CivicPlus is proud to be an Equal Employment Opportunity employer. We celebrate and support diversity for the benefit of our employees, products, clients, and communities. Reasonable accommodations are available during the interview process.