Application Security Engineer

Who we are

DigiCert is a global leader in intelligent trust. We protect the digital world by ensuring the security, privacy, and authenticity of every interaction. Our AI-powered DigiCert ONE platform unifies PKI, DNS, and certificate lifecycle management, to secure infrastructure, software, devices, messages, AI content and agents. Learn why more than 100,000 organizations, including 90% of the Fortune 500, choose DigiCert to stop today's threats and prepare for a quantum-safe future at www.digicert.com

Job summary

As an Application Security Engineer within our cybersecurity team, you will help safeguard the company's web applications and services by supporting the integration of security practices into the Software Development Life Cycle (SDLC). You will collaborate with development, DevOps, and security teams to identify, assess, and remediate vulnerabilities, contribute to secure coding practices, and assist in implementing DevSecOps tooling and processes. This role is ideal for someone with a strong technical foundation who is eager to grow within the product/application security space.

What you will do

• Support the integration of security controls and best practices across various phases of the SDLC.
• Assist in security assessments, including static and dynamic code analysis, open-source dependency analysis, and limited penetration testing.
• Participate in manual and automated code reviews to identify potential vulnerabilities and coding flaws.
• Collaborate with software engineers to promote secure development practices, including the use of security testing tools in CI/CD pipelines.
• Contribute to the evaluation, deployment, and tuning of DevSecOps tools such as SAST, DAST, and SCA platforms.
• Help maintain secure deployment workflows and support security automation efforts.
• Participate in cross-functional security reviews of new features and systems with guidance from senior engineers.
• Stay up to date on current security threats, vulnerabilities, and best practices in application security.
• Assist with triaging vulnerabilities from internal scans, bug bounty submissions, or external assessments.
• Document processes and playbooks to support consistent and scalable security practices.
• Provide input to the development of internal security standards and reference architectures.
• Support remediation efforts in collaboration with engineering teams.
• Participate in promoting a security-first culture across the organization.
• Other duties and responsibilities as assigned.

What you will have

• Bachelor's degree in computer science, cybersecurity, or a related technical field.
• 2+ years of experience in cybersecurity, software engineering, or DevOps, with at least 1+ years focused on application or product security.
• Experience with programming/scripting languages such as Python, JavaScript, or Java.
• Familiarity with DevSecOps tools (SAST, DAST, SCA) and secure SDLC methodologies. - nice to have if they have a solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE).
• Solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE) and remediation strategies.
• Ability to analyze code and spot security issues with guidance.
• Strong communication and collaboration skills.
• Strong attention to detail and willingness to learn new technologies.

Nice to have

• Hands-on experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins).
• Familiarity with security standards and frameworks such as NIST, OWASP SAMM, ISO 27001, or PCI DSS.
• Experience working in a regulated environment (e.g., financial services, healthcare, or government).
• Professional certifications such as Security+, CEH, eJPT, or equivalent (OSCP or similar preferred but not required).
• Exposure to cloud platforms such as AWS, Azure, or GCP.
• Experience contributing to or managing a bug bounty triage process.

Benefits

• Generous time off policies
• Top shelf benefits
• Education, wellness and lifestyle support