Application Security Engineer

About Us

Red Cell Partners is an incubation firm building and investing in rapidly scalable technology-led companies that are bringing revolutionary advancements to market in three distinct practice areas: healthcare, cyber, and national security. United by a shared sense of duty and deep belief in the power of innovation, Red Cell is developing powerful tools and solutions to address our Nation’s most pressing problems.

About Andesite

After decades defending the nation's most sensitive networks, we founded Andesite with a clear mission: to build security products that transform how humans and AI collaborate to defend against increasingly sophisticated cyber threats.

We’re a diverse team of cyber and security experts, passionate technologists, and experienced product builders. We come from some of the largest national security, tech, cybersecurity, and data organizations on the planet.

We've raised more than $38 million from investors like General Catalyst and Red Cell Partners.

The future of cybersecurity isn't about better technology alone—it's about reimagining how humans and machines work together. Come build with us.

The Role

Andesite is seeking an Application Security Engineer to help secure our software applications from design to deployment. You’ll partner closely with developers, DevOps, and product teams to identify and mitigate vulnerabilities, perform threat modeling, review source code, and embed mature security practices across the software development lifecycle. This role is ideal for someone with strong technical skills who’s enthusiastic to mature application-layer defenses in a dynamic fast-moving environment.

What You’ll Do

• Conduct manual and automated application security testing (e.g. web, API)
• Lead threat modeling sessions and collaborate on secure design reviews
• Perform code reviews and provide secure coding guidance to engineering teams
• Partner with development teams to triage and remediate vulnerabilities
• Collaborate with DevOps and cloud engineering teams on secure infrastructure-as-code

What You Have

• 4+ years of experience in application security, secure software development, or a similar security-focused engineering role.
• Bachelor's in Computer Science, Cyber Security, Software Engineering, or related field.
• Strong understanding of OWASP Top 10 and common web/app/API vulnerabilities.
• Experience with SAST/DAST/SCA toolsets (e.g. Veracode, Burp Suite, Checkmarx, Snyk).
• Proficiency in languages like Python and JavaScript, including their secure coding practices.
• Hands-on experience with CI/CD environments (e.g. GitHub Actions, Jenkins, GitLab).
• Experience with threat modeling frameworks (e.g. STRIDE).
• Familiarity with compliance frameworks (e.g. PCI DSS, NIST 800-53, SOC 2, ISO 27001).

Even Better If You Have

• Relevant certifications (e.g. OSCP, GWAPT, CSSLP, CASE).
• Experience with cloud platforms (e.g. AWS, Azure, GCP) and their security features.
• Exposure with securing containerized applications (e.g. Docker, Kubernetes).
• Knowledge to perform penetration testing against AI models.

What We Offer

• Top-of-market competitive salary, bonus, and equity package
• 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
• Unlimited PTO, with your manager’s approval
• Flexible work environment where you manage your work day
• A remote-first environment, with occasional travel to collaborate with customers, your team, and teammates from across the company in person
• Home office reimbursement
• 14 weeks of fully-paid parental leave

Salary range: $120,000-$140,000. This represents the typical salary range for this position based on experience, skills, and other factors.

Andesite is an equal opportunity employer, and qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability.