Hi, We’re AppFolio

We’re innovators, changemakers, and collaborators. We’re more than just a software company – we’re pioneers in cloud and AI who deliver magical experiences that make our customers’ lives easier. We’re revolutionizing how people do business in the real estate industry, and we want your ideas, enthusiasm, and passion to help us keep innovating.

The Application Security Engineer II will work closely with developers and other security team members to maintain and improve the security posture of AppFolio applications. They will contribute to security initiatives as an individual contributor and work on high-impact projects as a member of the security engineering team. This will be accomplished with computer programming experience, an understanding of common application security vulnerabilities, an ability to use security testing tools, and a strong passion for the technical aspects of information security.

Your impact

• Identify vulnerabilities in software applications and help get them fixed
• Provide security guidance and education to developers in order to build a strong security culture and bake security into products early
• Continuously improve tools and techniques in our application security pipeline using AI and scripting skills
• Mentor junior team members and contribute to their professional development.

Must have

• B.S. in Computer Science or equivalent work experience
• 3-5 years of work experience programming in Ruby or a similar language
• 3-5 years of work experience with a CI/CD pipeline
• 3-5 years of work experience with threat modeling or risk assessment
• 3-5 years hands-on work experience evaluating applications for OWASP Top 10 security risks and recommending fixes/mitigations
• 3-5 years hands-on work experience with an enterprise Linux command line
• 3-5 years hands-on experience with application security testing tools (SAST, DAST, SCA, Web Proxies like Burp or ZAP)
• 2-3 years hands-on experience evaluating applications for compliance with security frameworks like OWASP’s ASVS
• Familiarity with an MVC Framework like Rails
• Hands-on experience evaluating the risk of products that leverage AI/LLM technologies.

Nice to have

• Knowledge of networking principles
• Knowledge of databases and SQL
• Knowledge of cloud platforms and technologies

Compensation & Benefits

The base salary that we reasonably expect to pay for this role is: $125,000 - 150,000

The actual base salary for this role will be determined by a variety of factors, including but not limited to: the candidate’s skills, education, experience, etc.

Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.

Regular full-time employees are eligible for benefits - see here.

#LI-KB1