Job Description:
Application Security Engineer II
(Remote Candidates will be considered)
Our Story and Our Purpose
National Digital Trust Company (In Organization) has received conditional approval from the Office of the Comptroller of the Currency to open as a federally chartered trust bank to provide a broad range of digital asset services.
We are building a specialized financial institution addressing the growing demand for digital asset services. Our primary business will focus on digital asset custody, providing secure, efficient custodial and fiduciary services for a variety of digital assets.
You will work with foundational systems and processes to help shape our operating model and influence how a new category of financial infrastructure comes to market.
We are looking for builders who handle complexity with confidence and tackle ambitious opportunities while keeping pace with this rapidly evolving industry.
Our Principles
Greatness is a mindset, not an accomplishment. Mediocrity is unacceptable. Excellence is contagious. We hire people because we believe in their greatness. Now is the time to prove us right.
Responsibility comes with the territory. Everyone is an owner, which means we share a common vision and mutual accountability. We act in line with our strategic objectives and the trust our customers place in us. We believe there is no such thing as "not my problem." Taking this level of ownership not only drives our collective success but also offers the potential for significant reward.
Innovation and adaptation are in our DNA. We are in a period of the most dramatic and rapid period of technological change in the history of humankind. Those that stay ahead will thrive, those that don't, won't. We innovate intelligently and thrive on overcoming challenges, to get (at least) a little better every day and ensure our continued growth and success.
Team first. We are reliable teammates working together toward extraordinary success through honesty and accountability. We believe collaboration knows no hierarchy, and we focus on what matters. We work toward consensus, but when necessary, we disagree and commit. We know that winners win.
About the Role
Application Security (AppSec) Engineers are responsible for designing, implementing, and managing security practices that protect NDTC’s applications and services.
As an Application Security Engineer II, you will work closely with software engineers to perform secure code reviews, conduct automated and manual testing, and integrate security throughout the software development lifecycle (SDLC). You will support and approve engineering projects from a security perspective, ensuring applications meet both internal standards and industry best practices.
This is a critical role in safeguarding systems used by our customers. Success requires strong technical depth, critical thinking, adaptability, and a passion for application security in a fast-evolving environment.
Key Responsibilities
Application Security Assessments
Perform automated and manual vulnerability assessments for APIs and web applications
Conduct static (SAST), dynamic (DAST), software composition analysis (SCA), and interactive (IAST) testing
Review findings for exploitability and provide actionable remediation guidance
Perform manual testing to validate vulnerabilities and ensure secure implementations
Secure Development & Engineering Support
Partner with developers to embed security into the SDLC
Participate in and help manage the secure code review approval process
Perform product threat modeling and develop threat-focused validation checks
Ensure new projects are designed, scoped, and deployed securely
Security Tools & Operations
Implement, manage, and optimize application security tools across the organization
Support the operational management of AppSec programs and workflows
Manage cloud security for both internally developed and third-party applications
Contribute to internal security documentation, playbooks, and best practices
Offensive Security & Testing
Support Red Team exercises and external penetration testing engagements
Assist in triaging and responding to bug bounty submissions
Perform validation testing to ensure applications meet internal and industry security standards
Incident Response & Monitoring
Investigate security incidents through research and log analysis
Contribute to incident response processes, documentation, and continuous improvement
Automation & Tool Development
Build or enhance internal tooling to automate security testing, compliance checks, and evidence collection
Write scripts and utilities to improve efficiency and scalability
Evaluate and experiment with new tools to improve application security outcomes
Collaboration & Culture
Serve as a security subject matter expert for engineering and business teams
Promote a strong, approachable security culture across the organization
Operate flexibly across multiple responsibilities in a fast-growing environment
Required Qualifications
3–5+ years of experience in Information Technology, including security tooling
3–5+ years of experience as an Application Security Engineer
1–3+ years of experience in regulated environments (e.g., financial services, fintech)
Strong understanding of web application security principles and architecture
Experience with container technologies and container security
Proficiency in at least one programming language, with willingness to learn additional languages (e.g., Rust, TypeScript)
Experience with CI/CD pipelines and source control tools (Git, GitHub)
Experience evaluating Infrastructure-as-Code (IaC) security across cloud environments
Familiarity with bug bounty programs (participation or triage)
Understanding of OWASP Top 10 and application security best practices across web, DevOps, and emerging AI systems
Strong problem-solving, analytical thinking, and ability to adapt quickly
Preferred Experience, Skills & Knowledge
Security & Compliance
Experience implementing security controls within DevOps / DevSecOps environments
Knowledge of application security risks and mitigation strategies
Familiarity with frameworks and standards such as:
NIST 800-53 / CSF 2.0
NIST SSDF (800-218)
SOC 2, PCI-DSS, PA-DSS
Understanding of Content Security Policy (CSP)
Ability to identify and explain vulnerabilities such as:
XSS, CSRF, injection attacks
MITM attacks
Brute-force and credential attacks
Interest in financial services, digital assets, and custodial security
AI & Emerging Technologies
Experience working with AI tools and understanding of security considerations for generative AI
Familiarity with AI-assisted development workflows, agent-based systems, or MCP-based tools
Willingness to learn and adapt to AI-driven SDLC environments
What Sets You Apart
Curiosity and a continuous improvement mindset
Ability to balance security rigor with engineering velocity
Strong communication skills and ability to influence across teams
Passion for building scalable, practical security solutions
We promote diversity of thought, culture, background, and experience. We are an equal opportunity employer, and employment at our company is based solely on one's merit and qualifications directly related to professional competence. We do not discriminate based on race, creed, color, ancestry, religion, gender, sexual orientation, gender identity, national origin, age, disability, genetic information, military or veteran status, or any other characteristics protected by law.
Featured benefits
Employer-provided: Medical, Dental, and Vision insurance, 401(k), life and disability insurance.