The need for application security engineers has grown dramatically as legacy applications are moved to the web. Application Security Engineers can be focused on enterprise or mobile applications, but their overall goal is similar: consider all system vulnerabilities of applications from design/development through implementation and maintenance. This is a subject matter expert with strong knowledge of IT architecture, hardware, web security, identity and access management, application firewalls, intrusion detection as well as threats and vulnerabilities.
What it takes
Hands on experience with secure code review, static analysis security testing, dynamic application security testing and strong knowledge of web development technologies. A deep understanding of threat/attack modeling is also critical as well as the ability to interact with cross-functional teams.
Base compensation can range from $100-175K, often with additional incentives. Independent contract rates can be higher.