Motley Fool

Application Security Engineer

United States

Compensation: Not Specified
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Financial Services

Who are we?

The Motley Fool is a purpose-driven financial services company on a mission to make the world smarter, happier, and richer. For 30 years, we’ve been helping people make better investment decisions through transparency, education, and Foolish fun. We’re a fast-moving, collaborative team that values high-quality work, curiosity, and initiative. We care deeply about what we do, and we’re driven by the impact our work has on real people’s financial futures.

About the Role

We’re seeking a mid to senior-level Application Security Engineer with strong technical instincts, a bias for action, and the ability to own complex projects end-to-end. You’ll be part of a high-impact team responsible for identifying, validating, and remediating security risks across a multi-language environment (Python, C#, PHP). This is not a checkbox role—success here means taking initiative, verifying deeply, and driving security outcomes without waiting to be told.

A growing focus of this role will be securing AI and LLM-based applications. This is an emerging and rapidly evolving area of security, and we’re looking for someone excited to help define best practices, assess novel risks, and build safeguards into how we use generative AI. You don’t need to be an expert yet—but curiosity, initiative, and a willingness to learn fast are essential.

Key Responsibilities

Project Ownership

  • Own and deliver application security initiatives end-to-end.
  • Define clear quarterly SMART goals and drive toward their completion.
  • Engage stakeholders proactively and escalate blockers before they become issues.
  • Take full responsibility for the delivery of project ownership.

Technical Depth

  • Validate findings through hands-on testing; never assume without verification.
  • Produce detailed, technically accurate risk assessments and remediation advice.
  • Investigate deeply using tools like Semgrep, Feroot, Source Defense, and Noname.
  • Understand the context of the applications you’re securing—business logic, threat model, and operational constraints.
  • Stay current on insecure practices (e.g., eval, shell injection, unsafe deserialization) and ensure they’re recognized and flagged appropriately.

Active Participation and Autonomy

  • Speak up early when you see risk, blockers, or better ways to solve problems.
  • Share context, findings, and decisions proactively in meetings and documentation.
  • Follow through on action items; own gaps and next steps.
  • Operate with transparency—acknowledge unknowns and follow up with answers.

Qualifications

  • Experience: 3–7 years in Application Security, Penetration Testing, or Secure Software Development.
  • Technical Skills:
    • Strong background in Python or other backend languages (C#, PHP).
    • Experience with security testing methodologies and tools, including SAST, DAST, IAST, RASP, SCA, API Security tools (e.g., Noname, Traceable, Levo), Client-side Security tools (e.g., Feroot, Source Defense), and CNAPP.
    • Working familiarity with cloud-based technologies, particularly AWS (e.g., IAM, VPCs, S3, Lambda, CloudFront, Security Groups).
    • Deep understanding of OWASP Top 10, CWE Top 25, and secure SDLC principles.
    • Comfortable working directly with developers and cross-functional stakeholders.
  • Non-Traditional Backgrounds Welcome: We also welcome candidates with non-traditional security backgrounds. If you come from software development, infrastructure, or a related technical field and are passionate about building a long-term career in security, we’d love to hear from you.

Bonus Points

  • Contributions to open-source, bug bounty programs, or security communities.
  • Familiarity with compliance standards like PCI-DSS, SOC 2, or ISO 27001.
  • Prior experience in environments with distributed teams or high agility.

We value people who take initiative, challenge the status quo, and consistently raise the bar. If that’s how you work, you’ll thrive here.

Please note, no sponsorship is available for this position. You must reside in, or be willing to relocate.

Skills

Application Security
Security Risk Assessment
Vulnerability Testing
Python
C#
PHP
Security Tools (Semgrep, Feroot, Source Defense, Noname)
AI Security
LLM Security
Security Project Management

Motley Fool

Provides investment advice and financial education

About Motley Fool

The Motley Fool offers financial services focused on helping individual investors make informed decisions about their money. It provides premium subscription services like Stock Advisor and Rule Breakers, which deliver stock recommendations and investment advice to assist clients in building and managing their investment portfolios. The company generates revenue through subscription fees, website advertising, and affiliate partnerships. Unlike many competitors, The Motley Fool emphasizes a long-term investment philosophy and prioritizes financial education, catering to both novice and experienced investors. Its goal is to enhance financial literacy and empower individuals to achieve smarter, happier, and wealthier lives.

Headquarters: Alexandria, Virginia
Year Founded: 1993
Total Funding: $54.2M
Company Stage: LATE_VC
Industries: Fintech, Financial Services
Employees: 501-1,000

Risks

Teads acquisition may lead to integration challenges and cultural clashes.
Cannabis facility investment involves regulatory risks and market volatility.
$5 million Bitcoin investment exposes the company to cryptocurrency market volatility.

Differentiation

The Motley Fool offers a unique blend of financial education and investment advice.
It provides premium subscription services like Stock Advisor and Rule Breakers.
The company champions shareholder values and advocates for individual investors.

Upsides

Increased interest in financial literacy boosts demand for The Motley Fool's services.
The rise of retail investors expands the audience for subscription services.
AI integration allows for personalized investment advice and improved user experience.
