Are you an experienced Application Security Engineer with expertise in penetration testing, cloud security, DevSecOps, and security automation? Qualia is hiring a Senior Application Security Engineer to help secure the technology platform that powers millions of real estate transactions across the United States.
This fully remote role offers a competitive salary of $180,000–$210,000, equity, comprehensive benefits, and the opportunity to shape security strategy across a fast-growing technology company.
About Qualia
Qualia is a leading B2B real estate technology company that simplifies and secures the home buying and selling process. Its digital closing platform connects homebuyers, sellers, lenders, title companies, escrow agents, and real estate professionals in a single collaborative ecosystem.
Millions of consumers use Qualia’s platform each year through its network of business customers, making security a critical component of the company’s success.
About the Role
As a Senior Application Security Engineer, you’ll join a highly technical Application Security team responsible for identifying, preventing, and mitigating security risks across Qualia’s products, cloud infrastructure, and development pipelines.
This is a senior individual contributor role with significant influence across the organization. You’ll work closely with engineering, infrastructure, and platform teams while helping define security standards, architecture decisions, and application security strategies.
Key Responsibilities
Offensive Security Testing
- Conduct manual penetration testing on web applications and APIs.
- Perform authenticated security assessments.
- Develop and validate proof-of-concept exploits.
- Conduct adversarial reviews of new product features before release.
- Identify vulnerabilities beyond automated scanning tools.
Application Security Engineering
- Lead threat modeling exercises.
- Perform secure design reviews.
- Build secure development practices across engineering teams.
- Mentor developers on security best practices.
- Establish reusable security patterns and frameworks.
Security Tooling & Automation
- Manage and improve AppSec tooling.
- Configure and optimize SAST, DAST, and SCA platforms.
- Implement secret scanning solutions.
- Build CI/CD security gates and automated checks.
- Create custom security detections and automation workflows.
Cloud & Infrastructure Security
- Review AWS environments and security configurations.
- Assess IAM policies and access controls.
- Secure Kubernetes and EKS deployments.
- Evaluate networking architecture and cloud boundaries.
- Develop preventive security guardrails and controls.
Security Operations Support
- Partner with platform and infrastructure teams.
- Contribute to incident response efforts.
- Support secrets management initiatives.
- Improve supply chain security practices.
- Assist with runtime security programs.
Required Qualifications
Successful candidates should have:
- 8+ years of hands-on experience in application security, offensive security, or security engineering.
- Strong penetration testing and vulnerability assessment skills.
- Experience securing modern web applications and APIs.
- Expertise with AppSec tools and security automation.
- Experience building security workflows in CI/CD environments.
- Strong cloud security knowledge, particularly AWS.
- Experience with containerized environments such as Docker and Kubernetes.
- Familiarity with Infrastructure as Code technologies.
- Ability to read and contribute to application code.
Technical Skills
Application Security
- Penetration Testing
- Threat Modeling
- Secure Code Review
- Vulnerability Management
- Secure SDLC
Security Tools
- SAST (Static Application Security Testing)
- DAST (Dynamic Application Security Testing)
- SCA (Software Composition Analysis)
- Secret Scanning
- Security Automation
Cloud Security
- AWS IAM
- VPC Security
- Cloud Networking
- Security Monitoring
- Cloud Infrastructure Protection
Containers & DevSecOps
- Docker
- Kubernetes
- Amazon EKS
- CI/CD Security
- Infrastructure as Code
Programming Languages
Experience with one or more of:
- Python
- Go
- Ruby
- TypeScript
Nice-to-Have Qualifications
Additional experience that may strengthen your application includes:
- Fintech or PropTech security experience.
- Bug bounty program participation.
- Identity and access management technologies.
- OIDC and SAML authentication systems.
- Digital forensics and incident response.
- Red Team experience.
- Security research and CVE contributions.
- Industry certifications such as OSCP, OSWE, GPEN, or GWAPT.
Compensation & Benefits
Salary
- $180,000 – $210,000 USD annually
Additional compensation includes:
- Equity package
- Comprehensive health benefits
- 401(k) retirement plan
- Flexible paid time off
- Parental leave
- Professional development opportunities
Remote Flexibility
This position is fully remote within the United States. Employees may also choose to collaborate from Qualia’s offices in:
- San Francisco, California
- Austin, Texas
- Concord, New Hampshire
Why Join Qualia?
Qualia provides the opportunity to solve complex security challenges at scale while protecting one of the most important financial transactions in people’s lives.
You’ll work alongside talented engineers, influence security architecture across the organization, and help build a secure platform used by millions of homebuyers, sellers, lenders, and real estate professionals.
For experienced security engineers who enjoy offensive testing, cloud security, DevSecOps, and building scalable security programs, this role offers significant impact, ownership, and career growth.