Application Security Engineer

💰 $150k-$175k
🇺🇸 United States - Remote
🔒 Cybersecurity 🔵 Mid-level

Job description

Who are we?

The Motley Fool is a purpose-driven financial services company on a mission to make the world smarter, happier, and richer. For 30 years we’ve been helping people make better investment decisions through transparency, education, and Foolish fun. We’re a fast-moving, collaborative team that values high-quality work, curiosity, and initiative. We care deeply about what we do, and we’re driven by the impact our work has on real people’s financial futures.

About the Role:

We’re seeking a mid to senior-level Application Security Engineer with strong technical instincts, a bias for action, and the ability to own complex projects end-to-end. You’ll be part of a high-impact team responsible for identifying, validating, and remediating security risks across a multi-language environment (Python, C#, PHP). This is not a checkbox role—success here means taking initiative, verifying deeply, and driving security outcomes without waiting to be told.

A growing focus of this role will be securing AI and LLM-based applications. This is an emerging and rapidly evolving area of security, and we’re looking for someone excited to help define best practices, assess novel risks, and build safeguards into how we use generative AI. You don’t need to be an expert yet—but curiosity, initiative, and a willingness to learn fast are essential.

Key Responsibilities:

Project Ownership

  • Own and deliver application security initiatives end-to-end.
  • Define clear quarterly SMART goals and drive toward their completion.
  • Engage stakeholders proactively and escalate blockers before they become issues.
  • Take full responsibility for the delivery of project ownership.

Technical Depth

  • Validate findings through hands-on testing; never assume without verification.
  • Produce detailed, technically accurate risk assessments and remediation advice.
  • Investigate deeply using tools like Semgrep, Feroot, Source Defense, and Noname.
  • Understand the context of the applications you’re securing—business logic, threat model, and operational constraints.
  • Stay current on insecure practices (e.g. eval, shell injection, unsafe deserialization) and ensure they’re recognized and flagged appropriately.

Active Participation and Autonomy

  • Speak up early when you see risk, blockers, or better ways to solve problems.
  • Share context, findings, and decisions proactively in meetings and documentation.
  • Follow through on action items; own gaps and next steps.
  • Operate with transparency—acknowledge unknowns and follow up with answers.

Qualifications:

  • 3–7 years in Application Security, Penetration Testing, or Secure Software Development.

  • Strong background in Python or other backend languages (C#, PHP).
  • Experience with security testing methodologies and tools, including SAST, DAST, IAST, RASP, SCA, API Security tools (e.g., Noname, Traceable, Levo), Client-side Security tools (e.g., Feroot, Source Defense), and CNAPP.
  • Working familiarity with cloud-based technologies, particularly AWS (e.g., IAM, VPCs, S3, Lambda, CloudFront, Security Groups).
  • Deep understanding of OWASP Top 10, CWE Top 25, and secure SDLC principles.
  • Comfortable working directly with developers and cross-functional stakeholders.

We also welcome candidates with non-traditional security backgrounds. If you come from software development, infrastructure, or a related technical field and are passionate about building a long-term career in security, we’d love to hear from you.

Bonus Points

  • Contributions to open-source, bug bounty programs, or security communities.
  • Familiarity with compliance standards like PCI-DSS, SOC 2, or ISO 27001.
  • Prior experience in environments with distributed teams or high agility.

We value people who take initiative, challenge the status quo, and consistently raise the bar. If that’s how you work, you’ll thrive here.

**Please note, no sponsorship is available for this position. You must reside in, or be willing to relocate to, one of these states for employment: Alabama, California, Colorado, Florida, Louisiana, Maryland, Massachusetts, New Jersey, New York, North Carolina, Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Virginia, Washington DC, and Wisconsin.

Below you’ll see a few of our perks, but check out our Careers Site for the complete list:

  • Flexible, remote work environment (*see our open states above)
  • No “vacation policy” (not to be confused with a “No vacation” policy)
  • Generous fully-paid parental leave
  • $1,000 annually to invest in stocks of your choice
  • Super low premiums for medical, dental, and vision coverage
  • Comprehensive compensation package, including company equity

Compensation:

Below is our target compensation range. While we are budget conscious, we’re also eager to find the right person for this role, so if your target is outside of this range, please don’t hesitate to apply and we’d be happy to have a conversation.

Annual Pay Range

$150,000—$175,000 USD

By applying on this site, you acknowledge that The Motley Fool will be collecting the personal data you provide for our recruiting purposes. Please see our Applicant Privacy Notice for additional information about how we process, transfer, and store your data, including where that data is stored, and about any additional privacy rights you may have based on your jurisdiction.
