Application Security Engineer

Application Security Engineer | Chicago

A globally recognized financial institution is quietly expanding its Application Security Engineering team. They're seeking a Security Engineer with a strong background in application security testing to help secure mission-critical platforms used at massive scale.

What You'll Do

• Perform manual blackbox/whitebox security testing for web, API, mobile, and client apps

• Deliver in-depth reports and walkthroughs of vulnerabilities to Dev and QA teams

• Offer design input and security best practices across the SDLC

• Explore and analyze source code for flaws in Java, .NET, C++, and more

• Work with tooling such as Burp Suite, ZAP, IDA Pro, and scripting (Python, Bash, PowerShell)

• Engage in a highly collaborative and mentorship-driven team

• Stay sharp with support for certifications and research projects

About You

• 6 + years' experience in hands-on application pentesting (web, mobile, APIs, etc.)

• Proficient in security tooling and manual testing methodologies

• Strong working knowledge of Linux/Unix systems

• Skilled in at least one scripting language

• Confident communicator-able to present technical findings clearly to devs and leadership

• Self-starter with a curiosity-driven approach to application security

Bonus Points For:

• Experience in CI/CD, DevSecOps workflows

• Familiarity with cloud (especially GCP), containers (Docker/Kubernetes), or microservices

• OSCP, OSWE, GWAPT, or similar certifications