Application Security Engineer

Application Security Engineers identify risks and drive improvements in applications.

Role overview

The Application Security Engineer develops and tests security components that make an application more secure. They proactively test their security posture from an attacker's perspective, help shape engineering best practices, improve and drive application security monitoring, and work with the security team to educate engineers on emerging threats.

Application Security Engineers
may also be referred to as:
Application And API Security Architect
Application Security Architect
Application Security Engineer
Appsec Engineer
Ethical Hacker Application Security
Information Security Applications Code Assessor
Security Application Engineer
Web Application Engineer

Career Path

Map your career path by understanding role relationships

Average Salary

Based upon experience, salary for this role ranges from:
$177,500
National Average
$200,417
$231,667
* based upon those with two plus years of cybersecurity experience

Responsibilities

Defining and embedding technical security policies, principles, and standards within the application.
Driving and supporting application security reviews and threat modeling, including code review and dynamic testing.
Managing and performing application security vulnerability management.
Facilitating and supporting the preparation of security releases.
Supporting and consulting with product and development teams in the area of application security.
Creating and leading security training for their team.
Assisting in the development of automated security testing to ensure the organization is following best practices.

Tools & Environment

Application Security Engineers need to use tools like Java, Scala, Typescript, Python, and Javascript, coding and scripting, and security assurance tools. They also need experience securing public-facing endpoints and remediating vulnerabilities found in code.

Certifications

Category Organization Certification
Defense (ISC)2 CISSP-ISSEP
Defense (ISC)2 SSCP
Defense (ISC)2 CCSP
Defense (ISC)2 CAP
Defense Alibaba ACA
Defense Alibaba ACP
Defense Alibaba ACE
Defense AWS Certified Security
Defense CertNexus ITS
Defense Check Point CCSA
Defense Check Point CCSE
Defense Cisco CCNA Security
Defense Cisco CCNP Security
Defense Cisco CCIE Security
Defense Cisco CCNA CyberOps
Defense Cloud Credential Council PCSM
Defense CompTIA Security+
Defense CompTIA CySA+
Defense CompTIA CASP
Defense CREST CCWS
Defense CREST CPTIA
Defense CREST CRTIA
Defense CREST CCTIM
Defense CREST CPIA
Defense CREST CRIA
Defense CREST CCNIA
Defense CREST CCHIA
Defense CREST CCMRE
Defense CSA CCSK
Defense EC-Council CND
Defense EC-Council EDRP
Defense EC-Council CTIA
Defense EC-Council CSA
Defense EC-Council ECSS
Defense EITCI EITCA/IS
Defense eLearnSecurity eNDP
Defense eLearnSecurity eCRE
Defense eLearnSecurity eCTHP
Defense EXIN CIT-F
Defense Fortinet NSE 4
Defense Fortinet NSE 5
Defense Fortinet NSE 6
Defense Fortinet NSE 7
Defense Fortinet NSE 8
Defense GAQM CISP
Defense GIAC GSEC
Defense GIAC GCIA
Defense GIAC GISF
Defense GIAC GCED
Defense GIAC GCWN
Defense GIAC GPPA
Defense GIAC GMON
Defense GIAC GCCC
Defense GIAC GCUX
Defense GIAC GDAT
Defense GIAC GMOB
Defense GIAC GAWN
Defense GIAC GREM
Defense GIAC GCTI
Defense GIAC GISP
Defense GIAC GWEB
Defense GIAC GICSP
Defense GIAC GRID
Defense GIAC GCIP
Defense GIAC GEVA
Defense GIAC GOSI
Defense GIAC GCSA
Defense Google PCSE
Defense HISPI HISP
Defense IACRB CDRP
Defense IACRB CEREA
Defense IACRB CREA
Defense IACRB CSSA
Defense IBITGQ C CR P
Defense IBITGQ CITGP
Defense IBITGQ C CS F
Defense ISACA CSX-F
Defense ISACA CSX-T
Defense ISACA CSX-P
Defense ISECOM OPSA
Defense ISECOM OPSE
Defense Juniper JNCIA-SEC
Defense Juniper JNCIS-SEC
Defense Juniper JNCIP-SEC
Defense Juniper JNCIE-SEC
Defense Juniper JNCDS-SEC
Defense Lunarline CECS
Defense Lunarline CESA
Defense McAfee Institute CCII
Defense McAfee Institute CCIP
Defense McAfee Institute CSMIE
Defense McAfee Institute SMIA
Defense McAfee Institute CCTA
Defense McAfee Institute C|OSINT
Defense Microsoft AZ-500
Defense Mile2 C)SA2
Defense Mile2 C)SP
Defense Mile2 IS20
Defense Mile2 C)VA
Defense Mile2 C)DRE
Defense Mile2 C)VCP
Defense Mile2 C)VE
Defense Mile2 C)CSO
Defense Mile2 C)VSE
Defense Mile2 C)ISS
Defense Palo Alto PCCSA
Defense Palo Alto PCNSA
Defense Palo Alto PCNSE
Defense Redhat EX415
Defense Redhat EX425
Defense SECO-Institute S-ISF
Defense SECO-Institute S-ISP
Defense SECO-Institute S-ITSF
Defense SECO-Institute S-ITSP
Defense SECO-Institute S-ITSE
Defense SECO-Institute S-DWF
Defense Symantec 250-215
Defense Symantec 250-420
Defense Symantec 250-426
Defense Symantec 250-428
Defense Symantec 250-430
Defense Symantec 250-433
Defense Symantec 250-438
Defense Symantec 250-440
Defense Symantec 250-441
Defense Symantec 251/250-443
Defense Symantec 250-444
Defense Symantec 250-445
Defense Symantec 251/250-446
Defense Symantec 251/250-447
Defense Symantec 251/250-551
Defense Symantec 250-556
Organization

[cyber_job_role_count] Application Security Engineer jobs

Resources

Videos

Watch our latest videos, talks an recorded events
Watch

White Papers

Download our whitepapers and printed resources
Learn

Free Courses

Browse our training courses and educational resources
See All

Podcasts

Listen to our podcast features and recorded roundtables
Listen

Get our latest insights. Subscribe to our newsletter.

© 2025 CyberSN