Application Security Specialist jobs in United States
cer-icon
Apply on Employer Site
company-logo

Attractivate Consulting Solutions · 2 weeks ago

Application Security Specialist

positionHouston, TX
timeFull-time
remoteOnsite
seniorityMid, Senior Level
date3+ years exp

Attractivate Consulting Solutions is seeking an Application Security Specialist to manage application-layer security across their product portfolio. The role involves collaborating with engineering, product, and DevOps teams to enhance security practices while maintaining development velocity.

Information Technology & Services

Responsibilities

Conduct threat modeling and security design reviews for new features and major refactors
Perform hands-on secure code reviews (automated + manual) across Python, Go, TypeScript, Java, Kotlin, and React/React Native
Build, tune, and maintain SAST, DAST, SCA, and IAST tools in the pipeline (Semgrep, SonarQube, Checkmarx, Snyk, Burp Enterprise, Contrast, etc.)
Run internal red-team exercises and coordinate external penetration tests
Manage and triage findings from our private bug bounty program on HackerOne
Create lightweight, actionable secure coding guidelines and deliver regular training
Drive remediation of vulnerabilities and track metrics (MTTR, escape rate, etc.)
Own software supply chain security (SBOM generation, dependency hardening, code signing)
Partner with compliance teams on SOC 2 Type II, ISO 27001, FedRAMP, and customer audits
Research new attack techniques and implement proactive defenses

Qualification

Application SecuritySecure Code ReviewCI/CD IntegrationPythonBurp Suite ProCommunication

Required

3–8 years of direct application security or secure development experience
Strong understanding of modern web vulnerabilities (OWASP Top 10, API Top 10, OAuth/OpenID flaws, JWT issues, GraphQL insecurities, etc.)
Ability to read and write production-quality code in at least two of: Python, Go, JavaScript/TypeScript, Java, Kotlin/Swift
Real-world experience exploiting and fixing serious bugs (SSRF, IDOR, RCE, deserialization, etc.)
Hands-on experience with Burp Suite Pro, sqlmap, Nuclei, ffuf, and similar tools
Proven ability to integrate security tools into CI/CD (GitHub Actions, GitLab CI, Jenkins, CircleCI)
Excellent written and verbal communication — you can write a clear finding that developers actually

Company

Attractivate Consulting Solutions

twitter
company-logo
Attractivate Consulting Solutions is a team of industry experts who understand the dynamic and critical role that technology has in driving business success.
dateFounded in 2024
location
Houston, Texas, US
people-size2-10 employees
web-link
https://attractivate.com/

Funding

Current Stage
Early Stage
Company data provided by crunchbase