The Research Architect for Dynamic Application Security Testing (DAST) is responsible for ... Responsibilities • Conduct research and development for automating web application attacks. • ...
The Research Architect for Dynamic Application Security Testing (DAST) is responsible for ... Responsibilities • Conduct research and development for automating web application attacks. • ...
Application Security Engineer
Coral Gables, FL · On-site
$55.75 - $74.50/hr
The Application Security Engineer must understand development, coding, security engineering, and ... Conduct security assessments of web, mobile, and other applications. Analyze security assessment ...
Application Security Engineer
Coral Gables, FL · On-site
$55.75 - $74.50/hr
The Application Security Engineer must understand development, coding, security engineering, and ... Conduct security assessments of web, mobile, and other applications. Analyze security assessment ...
Application Security Engineer
Coral Gables, FL · On-site
$55.75 - $74.50/hr
The Application Security Engineer must understand development, coding, security engineering, and ... Conduct security assessments of web, mobile, and other applications. Analyze security assessment ...
Application Security Engineer
Coral Gables, FL · On-site
$55.75 - $74.50/hr
The Application Security Engineer must understand development, coding, security engineering, and ... Conduct security assessments of web, mobile, and other applications. Analyze security assessment ...
Implement security measures to protect web applications from vulnerabilities * Optimize web ... Web application security best practices * Performance optimization techniques Additional Technical ...
Implement security measures to protect web applications from vulnerabilities * Optimize web ... Web application security best practices * Performance optimization techniques Additional Technical ...
The engineer will work across Tomcat, Java, and modern web application components to remediate high risk runtime vulnerabilities and strengthen application stack security. Technical Responsibilities
Quick apply
The engineer will work across Tomcat, Java, and modern web application components to remediate high risk runtime vulnerabilities and strengthen application stack security. Technical Responsibilities
Responsibilities · Conduct research and development for automating web application attacks. · ... with the security research community through speaking at industry conferences, publishing ...
Responsibilities · Conduct research and development for automating web application attacks. · ... with the security research community through speaking at industry conferences, publishing ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Strong knowledge of web application security principles. * Proven experience developing complex web applications in government or similarly regulated environments. * Proficiency with modern frontend ...
Strong knowledge of web application security principles. * Proven experience developing complex web applications in government or similarly regulated environments. * Proficiency with modern frontend ...
Proficiency in triaging and remediating web application security vulnerabilities is required. Familiarity with Interactive Application Security Testing (IAST), Runtime Application Security Protection ...
Proficiency in triaging and remediating web application security vulnerabilities is required. Familiarity with Interactive Application Security Testing (IAST), Runtime Application Security Protection ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Quick apply
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · On-site +1
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · On-site +1
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Application Security Engineer - DAST & Burp Suite Enterprise Security Testing
Washington, DC · Remote
$120K - $140K/yr
Application Security Engineer Location: Fully Remote (East Coast) Clearance: Public Trust, Secret ... Secure enterprise web applications, with a focus on mitigating OWASP Top 10 risks, CVSS scoring ...
Lead Application Security Engineer
San Francisco, CA · On-site
$69.25 - $92.50/hr
Own application security across Ivo's web app, API surface, and the systems behind them. * Find and fix bugs. Hunt for vulnerabilities in our own product through hands-on testing, code review, and ...
Lead Application Security Engineer
San Francisco, CA · On-site
$69.25 - $92.50/hr
Own application security across Ivo's web app, API surface, and the systems behind them. * Find and fix bugs. Hunt for vulnerabilities in our own product through hands-on testing, code review, and ...
Strong understanding of web application security requirements * Experience developing complex web applications in government environments * Experience with SAFe Agile framework * Strong experience ...
Strong understanding of web application security requirements * Experience developing complex web applications in government environments * Experience with SAFe Agile framework * Strong experience ...
Security-cleared Professional: A n active TS/SCI with Polygraph is required to be considered for ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Security-cleared Professional: A n active TS/SCI with Polygraph is required to be considered for ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Security-cleared Professional: A n active TS/SCI with Polygraph is required to be considered for ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Security-cleared Professional: A n active TS/SCI with Polygraph is required to be considered for ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Apply security best practices to safeguard applications against vulnerabilities. * Optimize ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Apply security best practices to safeguard applications against vulnerabilities. * Optimize ... Strong knowledge of web application security principles. * Proven experience developing complex web ...
Application Security Engineer
$66.50 - $89/hr
NET, Java EE, and SQL 1+ years of experience in web or mobile application security preferred HTTP protocol knowledge required Knowledge of authentication mechanisms like SAML, OAuth etc. along with ...
Application Security Engineer
$66.50 - $89/hr
NET, Java EE, and SQL 1+ years of experience in web or mobile application security preferred HTTP protocol knowledge required Knowledge of authentication mechanisms like SAML, OAuth etc. along with ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
NET, Java EE, and SQL • 1+ years of experience in web or mobile application security preferred • HTTP protocol knowledge required • Knowledge of authentication mechanisms like SAML, OAuth etc ...
Application Security Engineer
Washington, DC · On-site
$66.50 - $89/hr
NET, Java EE, and SQL • 1+ years of experience in web or mobile application security preferred • HTTP protocol knowledge required • Knowledge of authentication mechanisms like SAML, OAuth etc ...
Application Security Engineer - Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC)
Reston, VA · Remote
$61 - $81.75/hr
... identified by web application scanning tools * Understanding of automated security testing ... approaches and tools * Experience in building and operating security tools within CI/CD pipelines
Application Security Engineer - Mid-Atlantic region (Remote in VA, MD, PA, NC, DE, NJ, or DC)
Reston, VA · Remote
$61 - $81.75/hr
... identified by web application scanning tools * Understanding of automated security testing ... approaches and tools * Experience in building and operating security tools within CI/CD pipelines
Web Application Security information
See salary details
$22K - $33.9K
1% of jobs
$33.9K - $45.8K
3% of jobs
$45.8K - $57.7K
3% of jobs
$57.7K - $69.6K
7% of jobs
$79.1K is the 25th percentile. Wages below this are outliers.
$69.6K - $81.5K
13% of jobs
$81.5K - $93.5K
17% of jobs
The median wage is $96.2K / yr.
$93.5K - $105.4K
23% of jobs
$114K is the 75th percentile. Wages above this are outliers.
$105.4K - $117.3K
10% of jobs
$117.3K - $129.2K
10% of jobs
$129.2K - $141.1K
7% of jobs
$141.1K - $153K
5% of jobs
$22K
$98.5K
$153K
How much do web application security jobs pay per year?
As of Jun 7, 2026, the average yearly pay for web application security in the United States is $98,514.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,000.00 and $119,500.00 per year, depending on experience, location, and employer.
What is the difference between Web Application Security vs Web Developer?
| Aspect | Web Application Security | Web Developer |
|---|---|---|
| Primary Focus | Protecting web applications from security threats and vulnerabilities | Designing, coding, and maintaining websites and web applications |
| Required Skills | Security protocols, vulnerability assessment, penetration testing | Programming languages, UI/UX design, front-end/back-end development |
| Certifications | Certified Ethical Hacker, CSSLP, OSCP | Certified Web Developer, Microsoft Certified, JavaScript certifications |
| Work Environment | Security teams, IT departments, cybersecurity firms | Web development agencies, tech companies, freelance |
Web Application Security and Web Developer roles overlap in the tech industry but focus on different aspects. Web Application Security specialists concentrate on safeguarding applications from threats, while Web Developers build and maintain the applications themselves. Both roles require technical skills, but their core responsibilities differ significantly, making them complementary in the web development lifecycle.
What cities are hiring for Web Application Security jobs? Cities with the most Web Application Security job openings:
What states have the most Web Application Security jobs? States with the most job openings for Web Application Security jobs include:
Job description
The Research Architect for Dynamic Application Security Testing (DAST) is responsible for overseeing the security capabilities of Veracode's dynamic scanner offerings.
Responsibilities
• Conduct research and development for automating web application attacks.
• Conduct research for improving techniques for detection of vulnerabilities.
• Develop attack signatures for specific classes of vulnerabilities.
• Define developer focused specifications for new attacks.
• Work with management to set priorities and goals for Veracode's DAST offerings.
• Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.
• Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion.
• Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.
Skills & Requirements
This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need:
• 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
• 3+ years of software development experience.
• Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.).
• Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
• Ability to learn new programming languages and/or technologies quickly and independently
• Ability to balance novelty of attacks with the restrictions automation demands.
• Experience with automated application security testing products (SAST, DAST, etc.) a plus.
• Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas.
• Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
• Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
• Strong analytical, organizational, and technical writing skills.
• B.S. in Computer Science or equivalent industry experience.
Careers
Veracode was founded by world-class security experts - and it continues to attract top problem solvers in the industry. We take pride in the diverse and electrifying culture our employees create. With personnel located across the United States and around the world, we boast a new and exciting approach to how we do business. Our collaborative environment fosters learning and growth within our employees through friendly discussions, hackathon projects and everyday interactions.
At Veracode, we offer a fundamentally different approach to application-layer security - one that's simpler and more scalable than legacy on-premises approaches. Our subscription-based service combines a powerful, cloud-based platform with deep security expertise and best practices for managing enterprise-wide governance programs so that enterprises can speed their innovations to market - without sacrificing security. It's all of these things combined with a little food and a lot of fun that make Veracode a great place to work.
Responsibilities
• Conduct research and development for automating web application attacks.
• Conduct research for improving techniques for detection of vulnerabilities.
• Develop attack signatures for specific classes of vulnerabilities.
• Define developer focused specifications for new attacks.
• Work with management to set priorities and goals for Veracode's DAST offerings.
• Keep up to date with the latest features in web browsers, web application development techniques, and web application vulnerabilities.
• Develop test cases to demonstrate vulnerabilities and ensure products' ability to identify them in an automated fashion.
• Actively engage with the security research community through speaking at industry conferences, publishing independent research, posting on the Veracode blog, and other means.
Skills & Requirements
This is a deeply technical role that requires significant knowledge around modern web development technologies and practices. You not only understand common web vulnerabilities, but understand how to find them in an automated fashion. You will need to follow upcoming trends and how they may have implications for security. It's also crucial that you're an effective communicator, as you'll collaborate frequently with engineers to guide them in implementing the specifications you create. You'll also need:
• 5+ years of practical application security work experience, preferably including some or all of the following: source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, and related pursuits.
• 3+ years of software development experience.
• Deep understanding of web browsers (i.e. security features, DOM, JavaScript, etc.).
• Deep understanding of common client side and server side web application vulnerabilities and how to exploit them (e.g. SQL injection, cross-site scripting, etc.).
• Ability to learn new programming languages and/or technologies quickly and independently
• Ability to balance novelty of attacks with the restrictions automation demands.
• Experience with automated application security testing products (SAST, DAST, etc.) a plus.
• Genuine enthusiasm, not just aptitude, for application security. Up to 20% of your time will be allocated for independent research, and this means you'll need interesting, relevant project ideas.
• Prototyping ability - the skill to hack something together quick and dirty to solve a problem and demonstrate feasibility.
• Excellent attention to detail, quality, and customer satisfaction. Consulting experience a plus.
• Strong analytical, organizational, and technical writing skills.
• B.S. in Computer Science or equivalent industry experience.
Careers
Veracode was founded by world-class security experts - and it continues to attract top problem solvers in the industry. We take pride in the diverse and electrifying culture our employees create. With personnel located across the United States and around the world, we boast a new and exciting approach to how we do business. Our collaborative environment fosters learning and growth within our employees through friendly discussions, hackathon projects and everyday interactions.
At Veracode, we offer a fundamentally different approach to application-layer security - one that's simpler and more scalable than legacy on-premises approaches. Our subscription-based service combines a powerful, cloud-based platform with deep security expertise and best practices for managing enterprise-wide governance programs so that enterprises can speed their innovations to market - without sacrificing security. It's all of these things combined with a little food and a lot of fun that make Veracode a great place to work.
About Veracode
Sourced by ZipRecruiter
Industry
Network security
Company size
501 - 1,000 Employees
Headquarters location
Burlington, MA, US
Year founded
2006