CybersecurityJobs.io
← Back to all jobs

Job Description

The Application Security Engineer role at Wolfe, LLC is a hands-on position based in Pittsburgh, PA, onsite five days a week. The role collaborates with developers and DevOps to embed security into software delivery, encompassing code reviews, CI/CD hardening, and vulnerability management across applications, containers, and cloud infrastructure. Salary is USD 110,000 to 120,000 per year.

Responsibilities

  • Perform code reviews, SAST/DAST testing, basic penetration tests, and basic threat modeling, partnering with developers to remediate vulnerabilities across application code, libraries, containers, and infrastructure as code.
  • Integrate and run automated security tooling such as Snyk, SemGrep, or Cycode within CI/CD pipelines across code repositories (GitHub, GitLab, Jenkins, AWS DevOps), and assist with triage and reporting of findings.
  • Manage a vulnerability management program, vulnerability scanning tools, and the enterprise Bug Bounty program, tracking and prioritizing remediation against defined SLAs.
  • Support operation and improvement of Bot Management, WAF, secrets management, and API security controls across Wolfe's applications.
  • Apply and promote secure coding standards aligned to OWASP and SANS CWE Top 25, and contribute to measuring DevSecOps maturity using DSOMM or BSIMM.
  • Collaborate with developers, security operations, product management, and incident response teams, sharing secure-coding and vulnerability-management practices while growing personal expertise.

Requirements

  • Minimum 2 years of experience in application security, DevSecOps, or software development with security exposure; equivalent experience accepted in lieu of a degree; Bachelor's in Information Security, Cybersecurity, Computer Science, or related field.
  • Hands-on coding background with knowledge of secure coding principles (OWASP Top 10, SANS CWE Top 25).
  • Some hands-on exposure to CI/CD pipelines (GitHub, GitLab, Jenkins, or AWS DevOps) and an interest in integrating security tooling into them.
  • Strong verbal and written communication skills, with the ability to explain security concepts to both technical and non-technical teammates.
  • Eagerness to learn enterprise security tooling (vulnerability scanners, Bot Management, SAST/DAST/SCA) and maturity frameworks like DSOMM or BSIMM; deep prior experience with these is a plus, not a requirement.
  • No certifications required; experience with CISSP, OSCP, GCSA, AWS Security Specialty, or CSSLP is a plus, and Wolfe will support earning them.

Technologies

  • Snyk
  • SemGrep
  • Cycode
  • GitHub
  • GitLab
  • Jenkins
  • AWS DevOps
  • DSOMM
  • BSIMM
  • OWASP Top 10
  • SANS CWE Top 25
  • SAST
  • DAST
  • SCA
  • Bot Management
  • WAF

Benefits

  • Restricted Stock Units (RSUs)
  • Profit share and/or incentive bonus
  • Medical, Prescription, Vision, and Dental insurance for employees and dependents (Wolfe pays 80% of premium)
  • Short-Term Disability Insurance (Wolfe pays 100% of premium)
  • Voluntary Long-Term Disability Insurance, Life Insurance, Critical Illness Insurance, Accident Insurance, and Hospital Indemnity coverage
  • PTO (vacation and sick time)
  • Corporate Holidays and Floating Holidays
  • 401(k)
  • Employee recognition program
  • Charitable Donation to a charity of your choice yearly
  • Employee Referral Bonus
  • Tuition Reimbursement
  • Internal Training and Information sessions
  • Family Picnic, Holiday Party, and other outings
  • Internal Culture Club

Impact Statement

  • Update existing Application Security Strategy and improve monitoring and reporting on KPIs.
  • Make a significant improvement to at least one automated security tool (DAST, SAST, SCA, or container scanning) in the production CI/CD pipeline, with results feeding a documented triage workflow.
  • Drive additional Bug Bounty submissions and improve bot management protections prior to end of Q3.
  • Provide product and technology advisement and testing for new application and AI functionality.
  • Develop and plan a purposeful Application and AI development training program.

Similar Jobs