ZipRecruiter

Log In

1

Director Application Security Engineer Jobs (NOW HIRING)

Opal

Application Security Engineer

San Francisco, CA · On-site

$69.25 - $92.50/hr

We're hiring an Application Security Engineer to own security across Opal's product and platform - and yes, own means what it sounds like. You'd be our dedicated security engineer, embedded directly ...

SmartRent

Application Security Engineer

Phoenix, AZ

$58.25 - $78/hr

The Application Security Engineer is responsible for supporting the security and privacy of the SmartRent platform through the management of information security risk, system resilience, and ...

SmartRent

Application Security Engineer

Phoenix, AZ · On-site

$58.25 - $78/hr

The Application Security Engineer is responsible for supporting the security and privacy of the SmartRent platform through the management of information security risk, system resilience, and ...

Shorepoint Inc.

Application Security Engineer

Herndon, VA · On-site

$60.50 - $80.75/hr

The Application Security Engineer will be responsible for the end-to-end administration of Burp Suite and Veracode, managing Integrated Development Environment (IDE) plugins and ensuring all ...

Comtech, LLC

Application Security Engineer

Washington, DC · On-site

$66.50 - $89/hr

Application Security Engineer Location: Washington, DC * Support PeopleSoft HCM/FSCM/ELM/CRM/EPM application security. * Implement specifically SSO for Oracle ELM, HCM and Finance PeopleSoft Modules ...

Shorepoint Inc.

Application Security Engineer

Herndon, VA

$60.50 - $80.75/hr

The Application Security Engineer will be responsible for the end-to-end administration of Burp Suite and Veracode, managing Integrated Development Environment (IDE) plugins and ensuring all ...

Peraton

Application Security Engineer

Herndon, VA · On-site

$104K - $166K/yr

Define application security strategy, standards, and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams. * Lead threat modeling and secure ...

Peraton

Application Security Engineer

Herndon, VA · On-site

$104K - $166K/yr

Define application security strategy, standards, and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams. * Lead threat modeling and secure ...

Charles Schwab

Application Security Engineer

Southlake, TX · On-site

$55.25 - $74/hr

Successful candidates will have prior engineering experience within a Software Security Assurance or Application Security team and a proven ability to partner effectively with development teams to ...

CivicPlus, LLC

Application Security Engineer

$70K - $101K/yr

Description Your Impact The Application Security Engineer is responsible for embedding security throughout the software development lifecycle (SDLC), leading application security testing, and driving ...

Peraton

Application Security Engineer

Herndon, VA · On-site

$104K - $166K/yr

Define application security strategy, standards, and SDLC integration points; champion secure-by-design practices across engineering and DevSecOps teams. * Lead threat modeling and secure ...

next page

Showing results 1-20

People also search for

All JobsDirector Application Security Engineer Jobs

Director Application Security Engineer information

See salary details

$29

$66

$96

How much do director application security engineer jobs pay per hour?

As of Jun 5, 2026, the average hourly pay for director application security engineer in the United States is $66.40, according to ZipRecruiter salary data. Most workers in this role earn between $56.49 and $75.48 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a Director Application Security Engineer, and why are they important?

A Director Application Security Engineer must possess deep expertise in application security, secure software development, and risk management, often supported by a computer science degree and relevant certifications like CISSP or CSSLP. Familiarity with security testing tools (such as SAST, DAST, and vulnerability management platforms), secure coding frameworks, and cloud security systems is critical. Strong leadership, strategic thinking, and effective communication skills help drive secure software practices across engineering teams and influence organizational culture. These skills and qualities are crucial for proactively mitigating risks, ensuring regulatory compliance, and safeguarding the organization’s digital assets.

How does a Director Application Security Engineer typically collaborate with development and operations teams to enhance software security?

A Director Application Security Engineer works closely with development and operations teams by establishing secure coding standards, integrating security tools into the CI/CD pipeline, and leading threat modeling sessions. They often facilitate regular training sessions to keep teams updated on emerging security threats and best practices. Additionally, they coordinate incident response efforts and ensure effective communication between technical teams and executive leadership regarding security risks and mitigation strategies. This cross-functional collaboration is essential to proactively address vulnerabilities and foster a strong culture of security throughout the organization.

What does a Director Application Security Engineer do?

A Director Application Security Engineer leads and oversees the security strategy for an organization’s software applications. They are responsible for managing teams that identify vulnerabilities, implement security best practices, and ensure compliance with industry standards. This role involves collaborating with development, operations, and executive teams to embed security throughout the software development lifecycle. Additionally, the director sets policies, creates training programs, and responds to security incidents to protect the organization’s digital assets.
What cities are hiring for Director Application Security Engineer jobs? Cities with the most Director Application Security Engineer job openings:
What are the most commonly searched types of Application Security Engineer jobs? The most popular types of Application Security Engineer jobs are:
What states have the most Director Application Security Engineer jobs? States with the most job openings for Director Application Security Engineer jobs include:
Director Application Security Engineer jobs near you
Application Security Engineer

Application Security Engineer

Opal

San Francisco, CA • On-site

$69.25 - $92.50/hr

Full-time

Posted 15 days ago

Job description

About Opal Security:
At Opal, we're building modern identity governance for the AI era-intelligent access management that empowers enterprises to move fast while staying secure. Our mission is to bring clarity, control, and confidence to complex enterprise environments, helping teams govern access without slowing down innovation.
The Role:
Most security engineers spend their careers bolting locks onto doors that were already built. This is not that job.
We're hiring an Application Security Engineer to own security across Opal's product and platform - and yes, own means what it sounds like. You'd be our dedicated security engineer, embedded directly with engineering, writing production code in Go and TypeScript, and building security into the product while it's still being designed. You'll work closely with a team of engineers that genuinely care about getting this right, and a product that happens to be one of the most security-critical tools in enterprise software.
Oh, and one more thing: Opal is a security company. We sell access control to organizations that take security seriously. That means your work isn't a cost center - it's core to what we do.
This role lives on the Platform team and partners closely with Infrastructure Engineering on cloud security. It is explicitly scoped to application and product security - enterprise IT, compliance, and vendor risk management are handled separately.
What You'll Do:
Secure Development Lifecycle -
  • Own the secure SDLC end-to-end: threat modeling, design reviews, code reviews - you set the bar
  • Run and coordinate app pentests (internal and external) and drive findings to closure
  • Build and own SAST/DAST/SCA tooling wired into CI/CD so security ships with the code
  • Triage and remediate vulnerabilities from every angle - bug bounty, internal scans, the works

Software Security Engineering -
  • Build and maintain the security-critical stuff: encryption services, authz enforcement, authn flows
  • Own the Auth0 ↔ Opal integration - tokens, sessions, MFA, SSO (SAML, OIDC, OAuth 2.0)
  • Ship production Go and TypeScript to harden APIs, enforce least-privilege, and close vuln classes for good
  • Create shared libraries that make the secure path the easy path for every product engineer

Incident Response & Cloud Security -
  • Be first on the scene for security incidents: investigate, contain, find the root cause, fix it
  • Partner with Infra on cloud hardening - AWS IAM, EKS, KMS, network segmentation
  • Level up detection and response by writing detection rules and improving logging and alerting

Security Culture -
  • Mentor engineers on secure coding, common vuln patterns, and security architecture - you make the org smarter
  • Help set the security roadmap by grounding it in real product risk
  • Be the security teammate engineers want to work with - a collaborator, not a bottleneck

You Might Be a Fit If You:
  • Have 4+ years in application security or software security engineering
  • Actually write production code - findings reports are the floor, not the ceiling
  • Know auth cold: OAuth 2.0, OIDC, SAML, session management, token lifecycle
  • Are comfortable in AWS and containerized environments (Kubernetes, Docker)
  • Bonus points for familiarity with our stack: Go, TypeScript, React, PostgreSQL, Redis, GraphQL
  • Have led complex, cross-functional security initiatives from kickoff to completion
  • Have run or participated in external pentests and seen findings through remediation
  • Thrive on ownership and ambiguity - you'd rather write the playbook than wait for one

Apply