Senior Application Security Engineer
Company: Abnormal
Location: Washington
Posted on: January 9, 2026
|
|
|
Job Description:
Abnormal AI is looking for a Senior Application Security
Engineer to help build the next generation of secure AI-powered
cybersecurity applications at scale. This is a senior IC-level role
that blends deep application security expertise with strong
engineering fundamentals. Youll focus on integrating security into
every phase of our software development lifecycle, conducting
comprehensive security reviews, and partnering with engineering
teams to build defensible architectures. As a technical leader, you
will own the security architecture and development of secure coding
practices while ensuring security is a foundational partner to our
engineering stakeholders. Youll mentor junior engineers, act as a
technical liaison across teams, and contribute directly to keeping
our applications and customers secure. This is a role for engineers
who are intellectually curious and motivated to bridge the gap
between security principles and application development execution.
Who you are: • An intellectually curious, solution-focused engineer
with a security mindset who thrives in fast-paced environments • A
technical leader who can architect secure application solutions
while maintaining engineering velocity • Someone who thinks like an
attacker but builds like a defender - understanding both offensive
and defensive security principles • A collaborative engineer who
can translate security requirements into actionable development
tasks • A mentor who enjoys teaching secure coding practices and
security architecture to junior engineers What you will do • Lead
threat modeling and security architecture reviews with engineering
teams by translating security risks into development actions. •
Architect, build, and maintain security tooling and integrations
that enable secure development workflows (e.g., SAST, DAST, SCA,
IAST tools). • Collaborate with Engineering, DevOps, and Platform
teams to build scalable security controls via
Infrastructure-as-Code and secure CI/CD pipelines. • Design and
deploy automated security testing frameworks to identify
vulnerabilities early in the development process. • Serve as a
hands-on technical contributor during security incidents by
analyzing application-level behavior and enhancing response
processes. • Mentor and support junior engineers on secure coding
practices, security architecture, and security tooling
integrations. • Evaluate and uplift application security tooling
across commercial and open-source capabilities by focusing on
scale, efficiency, and precision. • Define and track key security
posture metrics, building dashboards or reports to visualize
security coverage and vulnerability trends. • Partner with
engineering teams to implement and maintain security controls
across applications and services. • Stay current with emerging
AI/ML security threats, evaluating them for business applicability
and integration. Must Haves • Proven delivery in application
security engineering roles, ideally in cloud-native environments
with modern development practices. • Hands-on experience with
security testing tools (SAST, DAST, SCA, IAST) and working
knowledge of security automation in CI/CD pipelines. • Strong
programming skills in Python, Go, Java, or JavaScript/TypeScript;
proficiency with Git, Linux, and modern development frameworks. •
Expertise in web application security including OWASP Top 10,
authentication/authorization, cryptography, and secure API design.
• Experience with threat modeling frameworks (STRIDE, PASTA,
LINDDUN) and security architecture review processes. • Comfortable
investigating application logs, tracing security events, and
contributing to incident analysis workflows. • Proven ability to
influence and collaborate cross-functionally with engineering,
DevOps, and product teams. • Strong written communication and
documentation skills and being able to convey complex security
concepts clearly. • Background with securing modern application
architectures including microservices, containers, and cloud-native
applications. Nice to Have • Experience working in fast-paced or
startup environments with sometimes ambiguous ownership lines. •
Familiarity with AI/ML security concepts including adversarial
attacks, model security, and data privacy considerations. •
Hands-on experience with commercial security tools (Veracode,
Checkmarx, SonarQube, Snyk, Burp Suite) • Prior experience building
security telemetry pipelines or vulnerability management
frameworks. • Exposure to compliance frameworks (SOC 2, ISO 27001)
and how development decisions affect auditability. • Familiarity
with bug bounty programs and vulnerability disclosure
processes.
Keywords: Abnormal, Harrisburg , Senior Application Security Engineer, IT / Software / Systems , Washington, Pennsylvania
