Application Security Engineer II

AppFolio

Washington · On-site · Full-time · Mid Level · $125k – $150k/yr · Today

About the role

Hi, We’re AppFolio

We’re innovators, changemakers, and collaborators. We’re more than just a software company – we’re pioneers in cloud and AI who deliver magical experiences that make our customers’ lives easier. We’re revolutionizing how people do business in the real estate industry, and we want your ideas, enthusiasm, and passion to help us keep innovating.

Role Overview

The Application Security Engineer II will work closely with developers and other security team members to maintain and improve the security posture of AppFolio applications. They will contribute to security initiatives as an individual contributor and work on high‑impact projects as a member of the security engineering team. This will be accomplished with computer programming experience, an understanding of common application security vulnerabilities, an ability to use security testing tools, and a strong passion for the technical aspects of information security.

Your Impact

  • Identify vulnerabilities in software applications and help get them fixed
  • Provide security guidance and education to developers in order to build a strong security culture and bake security into products early
  • Continuously improve tools and techniques in our application security pipeline using AI and scripting skills
  • Mentor junior team members and contribute to their professional development

Requirements

Must Have

  • B.S. in Computer Science or equivalent work experience
  • 3‑5 years of work experience programming in Ruby or a similar language
  • 3‑5 years of work experience with a CI/CD pipeline
  • 3‑5 years of work experience with threat modeling or risk assessment
  • 3‑5 years hands‑on work experience evaluating applications for OWASP Top 10 security risks and recommending fixes/mitigations
  • 3‑5 years hands‑on work experience with an enterprise Linux command line
  • 3‑5 years hands‑on experience with application security testing tools (SAST, DAST, SCA, Web Proxies like Burp or ZAP)
  • 2‑3 years hands‑on experience evaluating applications for compliance with security frameworks like OWASP’s ASVS
  • Familiarity with an MVC framework like Rails
  • Hands‑on experience evaluating the risk of products that leverage AI/LLM technologies

Nice to Have

  • Knowledge of networking principles
  • Knowledge of databases and SQL
  • Knowledge of cloud platforms and technologies

Compensation & Benefits

  • Base Salary: $125,000 – $150,000 (determined by factors such as skills, education, experience, etc.)
  • Base pay is one important aspect of a compelling Total Rewards package and does not include additional benefits or bonuses/commissions you may be eligible for.
  • Regular full‑time employees are eligible for benefits – see here.

Benefits

  • Health insurance

Skills

AI, Burp, CI/CD, DAST, Docker, Linux, LLM, MVC, OWASP, Rails, Risk assessment, Ruby, SAST, SCA, SQL, Threat modeling, ZAP
