[Remote] Application Security Engineer
Note: This is a remote job, open to candidates in the USA. The Fountain Group is a nationwide staffing firm with a strong reputation in the industry. They are seeking an Application Security Engineer to provide triage coverage across various security findings and support the implementation of AI-assisted security tooling.
Responsibilities
- Provide unified application security triage coverage across SCA, SAST, and DAST findings, including validation of critical and high-risk vulnerabilities, false positive analysis, exploitability assessment, remediation guidance, and escalation support for findings that may impact production, internet-facing, or business-critical applications
- Rapidly assess and coordinate responses for threat intelligence escalations and PatchNow Critical events, including scope analysis, owner routing, mitigation guidance, tracking, and closure verification
- Monitor and analyze newly disclosed and Client vulnerabilities, including faster-moving disclosures influenced by frontier-model-enabled research, and produce actionable briefs that drive remediation plans
- Engineer, test, and implement application security tooling that leverages frontier models or AI-enabled capabilities for vulnerability identification, code reasoning, triage acceleration, remediation recommendations, and analyst workflow automation while preserving human review, auditability, and secure use controls
- Support company processes for evaluating and onboarding new AI capabilities, including technical proof-of-value execution, security testing, control validation, data handling review, model output evaluation, success metrics, and documentation needed for internal governance and approval pathways
- Strengthen software supply chain security by helping secure open-source dependency selection, package intake, SBOM and component visibility, malicious package detection, dependency health assessment, and policy enforcement across developer, pipeline, and artifact management workflows
- Assess and improve developer IDE security, plugins/extensions, and developer workflows, including package managers, code-assist tools, and CI integrations, against malicious code, compromised extensions, and unsafe configurations
Skills
- 3+ years of code scanning experience
- 3+ years of open-source scanning experience
- 3+ years of dynamic and static scanning experience
- Strong experience triaging SCA/SAST/DAST findings and managing high-severity escalations (threat Client and critical patch events) through remediation and closure
- Engineering experience with scripting, automation, APIs, CI/CD workflows, developer tooling, or security platform integrations
- Practical familiarity with AI-enabled security tools, frontier models, coding assistants, prompt and tool orchestration, model evaluation, or AI governance processes
- Experience securing the software supply chain and developer tooling (IDEs, plugins/extensions, package managers, CI/CD integrations) against compromise and malicious code
- Ability to translate technical vulnerability findings into clear remediation guidance, risk summaries, and prioritization recommendations for development and security stakeholders
Benefits
- Our company offers our consultants a suite of benefits after a qualification period, including health, vision, dental, life, and disability insurance.
- W2 Candidates only, 1099 and C2C not possible
Company Overview