1

Application Security Engineer Jobs in California

Application Security Engineer

San Francisco, CA · On-site

$69.25 - $92.50/hr

We're hiring an Application Security Engineer to own security across Opal's product and platform - and yes, own means what it sounds like. You'd be our dedicated security engineer, embedded directly ...

Application Security Engineers partner with software development teams to help build secure applications for Laserfiche's customers. In this role, you will assist in implementing secure development ...

Application Security Engineer

Long Beach, CA · On-site +1

$108K - $140K/yr

Application Security Engineers partner with software development teams to help build secure applications for Laserfiche's customers. In this role, you will assist in implementing secure development ...

We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud ...

Application Security Engineer

Palo Alto, CA · On-site

$69.25 - $92.50/hr

They are seeking an innovative Application Security Engineer responsible for ensuring the security and integrity of cloud-native applications throughout the software development lifecycle, with a ...

We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud ...

We are seeking a skilled and innovative Application Security Engineer to join our technology-driven company. In this role, you will be responsible for ensuring the security and integrity of our cloud ...

... Engineering, Information Systems, or equivalent years of experience in a related technical field * 3+ years of experience in the field of application security or related security role * Passion for ...

Senior Application Security Engineer

San Francisco, CA · On-site

$69.25 - $92.50/hr

Senior Security Engineer - Secure Code Review 📍 San Francisco, California 🏢 On-site | Full-Time My client is seeking a Senior Security Engineer to join their Application Security practice. This ...

Security Engineer, Application Security

San Jose, CA · On-site

$68.75 - $92/hr

... Engineering, Information Systems, or equivalent years of experience in a related technical field • 3+ years of experience in the field of application security or related security role • Passion ...

As an Application Security Engineer at Esri, you will fill a critical role in helping secure Esri's intellectual property and sensitive data against a variety of complex threats with support from all ...

Sr. Application Security Engineer

Redlands, CA · On-site

$59 - $79/hr

They are seeking a Sr. Application Security Engineer to enhance the security of their applications, collaborating with various teams to design security measures, perform testing, and provide guidance ...

Lead Application Security Engineer

San Francisco, CA · On-site

$69.25 - $92.50/hr

The Role We're hiring our first dedicated Lead Application Security Engineer to own the security of the Ivo platform end to end. You'll partner directly with our Head of IT & Security and embed ...

As an Application Security Engineer at Esri, you will fill a critical role in helping secure Esri's intellectual property and sensitive data against a variety of complex threats with support from all ...

next page

Showing results 1-20

Application Security Engineer information

See California salary details

$29

$65

$95

How much do application security engineer jobs pay per hour?

As of Jul 14, 2026, the average hourly pay for application security engineer in California is $65.53, according to ZipRecruiter salary data. Most workers in this role earn between $55.77 and $74.47 per hour, depending on experience, location, and employer.

What Does an Application Security Engineer Do?

An application security engineer is responsible for ensuring the secure function of software application programs. For this career, you must have advanced training in cybersecurity and familiarity with multiple computer programming languages. Your main job duty is to evaluate lines of programming code to make sure a given application is safe from cyber-attack. You perform penetration testing to see if outside sources can "hack" into the application. You also do threat modeling and security code reviews of programming done by other application programmers.

What are some common challenges faced by Application Security Engineers when integrating security into the software development lifecycle?

Application Security Engineers often encounter challenges such as balancing security requirements with development speed, ensuring all team members understand secure coding practices, and keeping up with evolving threats. They frequently work closely with developers, DevOps, and QA teams to embed security controls without disrupting workflows. Overcoming these challenges requires strong communication skills, a deep understanding of both security and software development, and the ability to advocate for security as a shared responsibility across the organization.

What does an Application Security Engineer do?

An Application Security Engineer is responsible for identifying and mitigating security vulnerabilities in software applications throughout their development lifecycle. They work closely with developers to ensure secure coding practices, conduct security assessments and code reviews, and implement tools for threat detection and prevention. Their primary goal is to protect applications from threats such as data breaches, unauthorized access, and other forms of cyber attacks. They also stay updated on the latest security trends and compliance requirements to keep applications safe.

What are the key skills and qualifications needed to thrive as an Application Security Engineer, and why are they important?

To thrive as an Application Security Engineer, you need a solid background in software development, cybersecurity fundamentals, and vulnerability assessment, often supported by a degree in computer science or a related field. Familiarity with tools such as static and dynamic application security testing (SAST/DAST), penetration testing frameworks, and relevant certifications like CISSP or CEH is common. Attention to detail, problem-solving abilities, and strong communication skills help you effectively identify risks and collaborate with development teams. These skills are crucial for safeguarding applications against evolving threats and ensuring secure software delivery.

What is the difference between Application Security Engineer vs Security Analyst?

AspectApplication Security EngineerSecurity Analyst
CertificationsCEH, CISSP, OSCPCISSP, Security+
Work EnvironmentDevelops security measures, reviews code, tests applicationsMonitors security systems, investigates incidents, analyzes threats
Industry UsageTech companies, software firms, organizations with strong app focusBroad sectors including finance, healthcare, government

Application Security Engineers focus on securing software applications through code review, vulnerability testing, and implementing security measures. Security Analysts monitor and analyze security threats, respond to incidents, and maintain security systems. While both roles require security certifications and work in security-focused environments, Application Security Engineers are more involved in the development and testing of secure applications, whereas Security Analysts focus on threat detection and incident response.

What are the most commonly searched types of Application Security Engineer jobs in California? The most popular types of Application Security Engineer jobs in California are:
What job categories do people searching Application Security Engineer jobs in California look for? The top searched job categories for Application Security Engineer jobs in California are:
What cities in California are hiring for Application Security Engineer jobs? Cities in California with the most Application Security Engineer job openings:
What are popular job titles related to Application Security Engineer jobs in CA? For Application Security Engineer jobs in CA, the most frequently searched job titles are:
Infographic showing various Application Security Engineer job openings in California as of July 2026, with employment types broken down into 75% Full Time, and 25% Contract. Highlights an 50% In-person, and 50% Remote job distribution, with an average salary of $136,308 per year, or $65.5 per hour.
Application Security Engineer

Application Security Engineer

Opal

San Francisco, CA • On-site

$69.25 - $92.50/hr

Full-time

Re-posted 23 days ago


Job description

About Opal Security:
At Opal, we're building modern identity governance for the AI era-intelligent access management that empowers enterprises to move fast while staying secure. Our mission is to bring clarity, control, and confidence to complex enterprise environments, helping teams govern access without slowing down innovation.
The Role:
Most security engineers spend their careers bolting locks onto doors that were already built. This is not that job.
We're hiring an Application Security Engineer to own security across Opal's product and platform - and yes, own means what it sounds like. You'd be our dedicated security engineer, embedded directly with engineering, writing production code in Go and TypeScript, and building security into the product while it's still being designed. You'll work closely with a team of engineers that genuinely care about getting this right, and a product that happens to be one of the most security-critical tools in enterprise software.
Oh, and one more thing: Opal is a security company. We sell access control to organizations that take security seriously. That means your work isn't a cost center - it's core to what we do.
This role lives on the Platform team and partners closely with Infrastructure Engineering on cloud security. It is explicitly scoped to application and product security - enterprise IT, compliance, and vendor risk management are handled separately.
What You'll Do:
Secure Development Lifecycle -
  • Own the secure SDLC end-to-end: threat modeling, design reviews, code reviews - you set the bar
  • Run and coordinate app pentests (internal and external) and drive findings to closure
  • Build and own SAST/DAST/SCA tooling wired into CI/CD so security ships with the code
  • Triage and remediate vulnerabilities from every angle - bug bounty, internal scans, the works

Software Security Engineering -
  • Build and maintain the security-critical stuff: encryption services, authz enforcement, authn flows
  • Own the Auth0 ↔ Opal integration - tokens, sessions, MFA, SSO (SAML, OIDC, OAuth 2.0)
  • Ship production Go and TypeScript to harden APIs, enforce least-privilege, and close vuln classes for good
  • Create shared libraries that make the secure path the easy path for every product engineer

Incident Response & Cloud Security -
  • Be first on the scene for security incidents: investigate, contain, find the root cause, fix it
  • Partner with Infra on cloud hardening - AWS IAM, EKS, KMS, network segmentation
  • Level up detection and response by writing detection rules and improving logging and alerting

Security Culture -
  • Mentor engineers on secure coding, common vuln patterns, and security architecture - you make the org smarter
  • Help set the security roadmap by grounding it in real product risk
  • Be the security teammate engineers want to work with - a collaborator, not a bottleneck

You Might Be a Fit If You:
  • Have 4+ years in application security or software security engineering
  • Actually write production code - findings reports are the floor, not the ceiling
  • Know auth cold: OAuth 2.0, OIDC, SAML, session management, token lifecycle
  • Are comfortable in AWS and containerized environments (Kubernetes, Docker)
  • Bonus points for familiarity with our stack: Go, TypeScript, React, PostgreSQL, Redis, GraphQL
  • Have led complex, cross-functional security initiatives from kickoff to completion
  • Have run or participated in external pentests and seen findings through remediation
  • Thrive on ownership and ambiguity - you'd rather write the playbook than wait for one