Application Security Engineer Jobs (NOW HIRING)

Purpose Brands, the parent company of Orangetheory, Anytime Fitness, Waxing the City, and The Bar Method, is seeking a Application Security Engineer to join its team. This is a great position for someone who is looking to expand their career, and join a company with a fun, fast-paced and inspirational culture.
The Application Security Engineer will report to the Staff Security Engineer and will be responsible for advancing application security capabilities as part of a DevSecOps operating model. This role focuses on embedding security controls, automation, and secure development practices directly into the software delivery lifecycle for cloud-based applications.
The Application Security Engineer will partner closely with software engineering, DevOps, and cloud teams to shift security left, improve vulnerability detection and remediation workflows, and reduce risk without slowing delivery. This position emphasizes hands-on application security engineering, security tooling integration, and developer enablement across applications deployed in AWS and Azure environments.

Purpose/Impact: (Duties & Essential Functions)

Application Security & Secure SDLC

• Embed application security practices into all phases of the software development lifecycle (SDLC), from design through deployment and maintenance
• Perform application security assessments including static code analysis (SAST), dynamic testing (DAST), and software composition analysis (SCA)
• Develop and maintain threat models for critical systems and applications, collaborating with engineering teams to identify threats, assess risk, and drive remediation efforts
• Promote secure coding practices and contribute to secure development standards aligned with OWASP and industry best practices

DevSecOps Enablement & Automation

• Partner with engineering and DevOps teams to integrate security tooling into CI/CD pipelines, enabling automated and repeatable security testing
• Analyze and manage vulnerability findings from tools such as GitHub Dependabot, application scanners, and cloud-native security services
• Help tune security tooling to reduce false positives and improve signal quality for development teams
• Support the adoption of security automation to improve consistency, efficiency, and scalability across application environments

Cloud & Platform Security Collaboration

• Assist in securing applications deployed across AWS and Azure, including workloads running on IaaS, PaaS, and container-based platforms
• Identify risks to the confidentiality, integrity, and availability of application data hosted in cloud-based environments
• Collaborate with cloud and platform security engineers to ensure application security controls align with broader cloud security architecture

Risk Management, Monitoring & Response

• Triage, prioritize, and track remediation of application vulnerabilities based on risk and business impact
• Assist in security investigations involving application vulnerabilities or security events
• Participate in periodic reviews of application security controls to validate effectiveness and compliance with organizational standards

Collaboration & Continuous Improvement

• Act as a security partner to engineering teams by providing guidance, education, and actionable recommendations
• Contribute to the continuous improvement of application security processes, standards, and metrics
• Support governance, risk management, and compliance initiatives as they relate to application security

Strengths and Background

• Bachelor's degree in Computer Science, Information Systems, Engineering, or a related field
• 3-5 years of experience in application security, security engineering, or software engineering with a strong security focus
• Hands-on experience performing code reviews and application security testing across modern languages, frameworks, and APIs
• Experience working with application security tools such as SAST, DAST, and dependency scanning (e.g., GitHub Dependabot or similar)
• Strong understanding of OWASP Top 10, secure coding principles, authentication/authorization, and API security
• Practical experience supporting applications running in AWS and/or Azure cloud environments
• Familiarity with CI/CD pipelines, DevOps workflows, and DevSecOps concepts
• Ability to communicate security risks and remediation guidance clearly to developers and non-security stakeholders
• Strong analytical skills with the ability to balance security risk with delivery velocity

Preferred certifications include:
Security+, CSSLP, GWAPT, GWEB, CEH, or other application security-focused certifications

Salary Range: $120k - $140k

What's in it for you?

We offer a competitive salary along with exceptional benefits such as:

• Medical, Dental and Vision Coverage
• Hybrid Work Environment
• Life and Disability Insurance
• Unlimited Time off + Paid Holidays
• Flexible Friday's between Memorial Day and Labor Day
• 401(K) Savings Plan Matching at 4%
• 10 Coaching and Therapy sessions
• Mental Health Benefits
• Brand Discounts & Reimbursements
• In-house workout facilities
• Professional Development Opportunities
• Team Building, Employee Engagement Activities & so much more

WORK SCHEDULE
Purpose Brands LLC, currently observe the following hybrid work model for employees at our Boca Raton (FL), Woodbury (MN), and Seattle (WA) offices:

• Remote optional: Fridays
• On-site days: Mondays, Tuesdays, Wednesdays and Thursdays

DIVERSITY, EQUITY, AND INCLUSION STATEMENT
Purpose Brands is committed to encouraging, facilitating, and upholding an environment centered on diversity, equity, and inclusion across every facet of the Purpose Brands. We will work to create a sustainable culture that supports a healthy space for learning and growing, valuing, and empowering every employee, inspiring a diverse franchise network, and uplifting the members and communities we serve.

EEO STATEMENT
Purpose Brands provides equal employment opportunity to all individuals regardless of their race, color, creed, religion, gender, age, sexual orientation, national origin, disability, veteran status, or any other characteristic protected by state, federal, or local law. Discrimination of any type will not be tolerated.