SonicJobs Logo
Left arrow iconBack to search
  1. Home
  2. 20192, Herndon, VA
  3. Senior Application Security Engineer

Senior Application Security Engineer

CertiPath Inc
Posted 3 days ago, valid for 16 days
Location

Herndon, VA 20192, US

Salary

Competitive

Contract type

Full Time

Paid Time Off

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Sonic Summary

info
  • CertiPath is looking for a Senior Application Security (AppSec) Engineer with over 7 years of hands-on experience in application security and penetration testing, particularly with a focus on AI-enabled testing.
  • The position involves performing advanced penetration testing, leading application security strategy, and automating offensive security practices, with a hands-on approach making up 60-70% of the role.
  • This hybrid role is based in Reston, VA, requiring 2-3 office days per week, and does not involve people management but focuses on technical expertise in offensive security.
  • Candidates should possess certifications such as OSCP or GPEN and have strong knowledge of OWASP Top 10, enterprise security standards, and experience with commercial AppSec tools.
  • CertiPath offers a competitive salary alongside excellent benefits including health coverage, a 401(k) plan with employer match, unlimited PTO, and a commitment to work-life balance.

Want to energize your career? 

At CertiPath, you’ll join a fast-moving team with a meaningful mission, delivering high-assurance identity and trust solutions that matter. We are seeking a Senior Application Security (AppSec) Engineer to strengthen our security posture across our TrustSuite products, driving positive customer impact and rapidly innovating and optimizing application security across traditional and cutting-edge AI-enabled environments.

This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization.

This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support. 

This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level.

Location: This role is primarily hybrid, based at our Reston, VA headquarters, with an average of 2-3 office days per week. 

I’ve never heard of CertiPath. What do you do?  

We are the experts in software and services for high-assurance digital identity verification and management. We are an established organization with a 21-year track record of delivering on our promises with the drive and entrepreneurial spirit of a start-up. CertiPath is focused on bringing facility and network access management for commercial clients and government agencies into the 21st century.  

What will my responsibilities include as Senior AppSec Engineer at CertiPath?

  • Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
  • Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
  • Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
  • Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
  • Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
  • Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
  • Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
  • Support go-to-market efforts for highly regulated environments.

What qualifications do you look for? 

  • U.S. citizenship and the ability to obtain a government clearance.
  • 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
  • Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
  • Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
  • Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
  • Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
  • Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
  • Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
  • Proven ability to define and drive high-level application security strategy and plans.
  • Excellent communication skills for reporting findings and influencing outcomes.

We’re extra impressed by folks who have: 

  • Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
  • Prior experience testing in government or regulated environments

What kind of benefits does CertiPath offer? 

CertiPath offers outstanding benefits, including health, dental, and vision coverage; a Health Savings Account plan; and a 401(k) plan with a generous employer match. We also believe strongly in maintaining a quality work-life balance, so we offer an unlimited PTO policy, seven company holidays, and a week-long break at the end of each year. All qualified applicants will receive consideration for employment without regard to disability; status as a protected veteran; or any other status protected by applicable federal, state, local, or international law. 



Learn more about this Employer on their Career Site

Apply now in a few quick clicks

By applying, a Sonicjobs account will be created for you. Sonicjobs's Privacy Policy and Terms & Conditions will apply.

SonicJobs' Terms & Conditions and Privacy Policy also apply.

Logo
SonicJobs
Your next career move. Sorted.
Search jobsbackground image

Contact us

© 2017 - 2026 SonicJobs Inc. All rights reserved

Terms & Conditions | Privacy Policy | Browse Jobs