×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Senior Application Security Engineer

Job in Rochester, Oakland County, Michigan, 48308, USA
Listing for: OneStream Software
Full Time position
Listed on 2026-02-14
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly USD 80000.00 100000.00 YEAR
Job Description & How to Apply Below

Senior Application Security Engineer

Location: Remote, USA
Employment Type: Full-Time
Compensation: $ - $ (Range applies to US candidates only) + Benefits/Variable Comp/Equity - Range may vary based on experience.
Benefits Offered: Vision, Medical, Life, Dental, 401K

Summary

The Senior Application Security Engineer joins the Information Security team and plays a key role in securing the One Stream platform throughout the software development lifecycle. This role is responsible for defining and enforcing secure coding and development practices, performing application security testing to identify risks and vulnerabilities before release and in production, and reviewing the output of application security tools to provide clear remediation guidance across the organization.

In addition, the Senior Application Security Engineer partners with engineering teams on the planning and architecture of new features, contributes to platform security design, and leads or supports the development of custom security tools and scanning capabilities. The ideal candidate brings a strong foundation in secure development and programming practices, hands‑on experience with C# and .NET, and a passion for protecting customers.

This role requires effective communication across technical and non‑technical audiences and may involve developing proof‑of‑concept exploits to validate vulnerabilities and assess real‑world risk.

Primary Duties and Responsibilities
  • Perform manual and automated application security testing to identify vulnerabilities across the One Stream platform.
  • Conduct code analysis to assess and ensure the security of application code.
  • Evaluate the software development lifecycle (SDLC) to identify opportunities to strengthen application and supply‑chain security.
  • Partner with Development and Engineering teams to embed security into One Stream services and workflows.
  • Collaborate with members of the Security team to identify attack patterns and indicators of compromise.
  • Design, develop, and maintain custom security testing tools to support internal testing efforts.
  • Define, document, and enforce secure development policies, standards, and procedures.
  • Provide mentorship and technical guidance to junior members of the Security team to support growth and knowledge sharing.
  • Document, communicate, and report security findings and risks identified during testing activities.
  • Perform penetration testing against One Stream assets to validate application and infrastructure security.
  • Conduct security architecture and design reviews to ensure secure‑by‑design implementations.
  • Provide secure design and secure coding guidance to engineering teams throughout the development lifecycle.
Required

Education and Experience
  • One of the following combinations of education and experience:
    • Bachelor's degree in Computer Science, Engineering, or a related field with 8+ years of experience in application security testing, penetration testing, or software development;
    • Master's degree in Computer Science, Engineering, or a related field with 3+ years of experience in application security testing, penetration testing, or software development;
    • Associate degree in Computer Science, Engineering, or a related field with 12+ years of experience in application security testing, penetration testing, or software development.
  • 3+ years of hands‑on experience conducting threat modeling for applications and systems and translating findings into actionable remediation guidance.
Preferred

Education and Experience
  • Experience writing and reviewing C# and .NET code, including secure coding and code review practices.
  • Hands‑on experience performing penetration testing of web applications.
  • Experience decompiling and reverse engineering .NET libraries.
  • Broad experience across IT security and infrastructure, security risk management, and compliance frameworks such as SOC 2 and FedRAMP, including security policies, procedures, testing, auditing, and internal audit.
  • Industry‑recognized offensive security or penetration testing certifications, such as:
    • Offensive Security Certified Professional (OSCP)
    • GIAC Exploit Researcher and Advanced Penetration Tester (GXPN)
    • GIAC Penetration Tester (GPEN)
    • Ot…
Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search