Application Security Engineer
Typically requires 3 to 5 years of experience in application development, threat modeling, and security engineering.

An application security engineer assesses applications throughout the software development lifecycle (SDLC) to ensure they are designed and built securely. An application security engineers safeguards applications by identifying associated threats, vulnerabilities, and risks, and implementing ongoing security testing and code review. They securely configure application components, advise development teams on strengthening authentication, access controls, and data protections, and monitor applications to detect intrusions. Daily responsibilities of an application security engineer include:

  • Identifying application threats, vulnerabilities, and risks, and advise development teams how to protect against them.
  • Ensuring the security of the SDLC through code reviews and testing.
  • Implementing logging and monitoring applications for signs of intrusion.
  • Working with the development team to resolve findings from penetration tests and bug bounty programs.
  • Helping incident response teams respond to detected intrusions.
Salary range (US data)
Job openings
Created with Sketch. 6%
Job growth
Sarah Liu
Application Security Engineer
Sarah is an application security engineer and majored in computer engineering at the University of Virginia.
Sarah Liu
Application Security Engineer, Disney DTCI
Sarah is an application security engineer who recently transitioned to the entertainment industry from the finance industry. She comes from a software engineering background and majored in computer engineering at her university.
With application security, there is a lot of exposure to different parts of the security field, since we communicate with a wide variety of people and facilitate technical and risk-related discussions. I tackle new problems every day and see all kinds of security landscapes and environments.
We had a chance to connect with Sarah to ask her a few questions about her cybersecurity journey.
Start the Journey to Become an Application Security Engineer

Get Started with Application Security Engineer

Learn the fundamentals of protecting networks to prepare for a network security engineering career.

~1 hr 35 mins
Top skills requested
The technical and specialized skills most frequently requested by employers for this role.
  • Information security
  • OWASP (Open Web Application Security Project)
  • Software development
  • Programming languages
  • Penetration testing
  • Systems development lifecycle (SDLC)
  • Threat modeling
  • DevOps
  • Dynamic application security testing
  • Vulnerability assessment
The business skills most frequently requested by employers for this role.
Writing 14% Planning 15% Research 24% Teamwork 28% Communication 41%
Note: Percentages refer to the rate at which this skill appears in job postings.
In partnership with the World Economic Forum.