Application Security Engineer

Piper Companies is seeking an Application Security / DevSecOps Engineer to support the design, implementation, and ongoing management of our security tooling, practices, and secure development pipelines. The ideal candidate is a self-starter with strong problem solving skills who can work with minimal oversight and collaborate effectively across technical teams.

Responsibilities of the Application Security Engineer:

• Design, implement, and maintain application security and DevSecOps solutions, including artifact management, vulnerability scanning, and secure CI/CD integrations

• Integrate security tools and processes (SAST, DAST, SCA, API Security) into development pipelines to enable secure software delivery

• Collaborate with development, DevOps, platform, and network security teams to define and implement secure architecture standards

• Ensure security practices align with industry standards and regulatory frameworks such as NIST, OWASP, and NYDFS

• Apply strong knowledge of infrastructure and application security concepts, including RBAC, OIDC/SAML, Infrastructure as Code (IaC), and cloud security within AWS and Azure

• Independently research and troubleshoot technical issues using documentation, knowledge bases, and external resources before escalating

• Communicate effectively through strong written and verbal skills

• Work effectively in an Agile environment (familiarity preferred but not required)

Qualifications of the Application Security Engineer:

• Experience with scripting (e.g., Bash)

• Experience with Terraform or other IaC tools

• Familiarity with CI/CD platforms such as GitHub Actions or Jenkins

• Software development experience (especially Python)

• Must be eligible to work in the United States.

Compensation of the Application Security Engineer:

• Salary Range: $50-$65 per hour (based on experience)

• Comprehensive benefit package; Cigna Medical, Cigna Dental, Vision, 401k w/ ADP, PTO, paid holidays, Sick Leave as required by law

This job opens for applications on March 31, 2026. Applications for this job will be accepted for at least 30 days from the posting date.

Keywords: Application Security Engineer, AppSec Engineer, DevSecOps Engineer, Application Security / DevSecOps Engineer, Cloud Security Engineer, Secure Software Engineer, application security, DevSecOps, secure software development, secure SDLC, CI/CD security, cloud security, infrastructure security, vulnerability management, secure architecture, SAST, DAST, SCA, software composition analysis, API security, vulnerability scanning, artifact management, static code analysis, dynamic testing, CI/CD pipelines, GitHub, GitHub Actions, Jenkins, DevOps, pipeline automation, secure CI/CD, AWS security, Azure security, cloud environments, infrastructure as code, IaC, Terraform, IAM, RBAC, OIDC, SAML, identity and access management, authentication and authorization, Python, Bash, scripting, secure coding, code review, NIST, OWASP, NYDFS, security frameworks, regulatory compliance, Agile, cross‑functional collaboration, engineering collaboration, independent problem solving, mid‑level security engineer, 3–5 years experience, hands‑on engineer, fintech security, financial services security

#LI-LS4 #LI-Remote