Application Security Engineer Green Card Jobs
Application Security Engineer roles qualify for EB-2 and EB-3 green card sponsorship through the PERM labor certification process, which requires employers to document that no qualified U.S. workers are available before filing your I-140 petition. Security engineering's specialized degree and skills requirements make PERM approvals straightforward for most sponsoring employers.
Overview
Ready to be a Titan?
At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an AI-Focused Staff Application Security Engineer to help define and deliver a secure paved road, creating automated, developer friendly security patterns that enable our 80 plus R&D teams to build securely by default without slowing down innovation.
In this role, you will partner closely with engineering to embed practical guardrails, manage emerging risks like non-human identities and data exposure, and enable teams to move quickly without compromising trust. This is an opportunity to shape the future of application security in an AI first environment, turning security into a core enabler of innovation rather than a constraint.
What you’ll do:
Secure-by-Design Engineering
- Pipeline Automation: Embed security directly into the development pipeline through intelligent prompting and AI driven agents.
- Secure-by-Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries that have security controls built in from the start.
- Supply Chain Protections: Implement controls to secure dependencies, build artifacts, and third party integrations. Partner with engineering to enforce integrity, provenance, and policy checks within build and release workflows.
AI-Driven Security Testing & Validation
- Automated Scanning: Evaluate, configure, and implement AI agentic tooling to autonomously test our web applications for vulnerabilities.
- Simulation & Validation: Use agentic tooling to run proactive simulations based on emerging threats to validate our defenses in real time.
- Outcome Accountability: Drive adherence to vulnerability remediation SLAs by partnering with engineering teams to track, prioritize, and resolve security issues. Ensure clear ownership, measurable progress, and consistent follow through to reduce risk and maintain accountability.
AI & Identity Security
- AI Guardrails: Design and implement technical guardrails for AI Coding Agents and Model Context Protocols (MCP) to ensure safe adoption of AI in the development lifecycle.
- AI-Driven Tooling: Help operationalize AI based tooling to act as a "GPS" for developers, tuning the system to provide accurate, on demand threat modeling, design, and development advice.
- Non-Human Identity Management: Partner with engineering to define and implement strategies for managing machine identities across AI systems, including service accounts, API keys, and agent authentication. Enforce least privilege access, credential lifecycle management, and integration with secrets management and CI/CD pipelines to reduce risk and prevent misuse.
Developer Enablement & Security Operations
- Technical "Pit Crew": Act as the AppSec technical expert for the Security Champions Program. While leadership manages the program logistics, you will be the expert answering complex coding questions and guiding Champions on how to fix vulnerabilities.
- Contextual Training: Assist in setting up "Just in Time" training campaigns that trigger micro-trainings when engineers introduce vulnerabilities, allowing them to fix their own code.
- Triage to Automate: Own the initial triage of incoming vulnerability tickets (SAST/SCA). You will use this hands on work to identify the "noise" and pattern match recurring issues, directly informing which guardrails you build next.
What you’ll bring:
- Experience: 7-10+ years of experience in Product/Application Security, with a strong background in software engineering.
- Demonstrated AI Expertise: Proven experience at the intersection of AI and security, including securing AI workloads and leveraging AI agents to enhance defensive capabilities.
- Modern AppSec: Experience implementing tools and driving for secure outcomes throughout the Secure Software Development Lifecycle including Threat Modeling, Code Scanning, and Penetration testing.
- Automation Mindset: Proven ability to prompt, script, and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.
Why this role?
Own Outcomes, Not Activity: Your success will be measured by real risk reduction. You will directly influence vulnerability backlog reduction, remediation velocity, and the overall security posture of the organization.
Operate at the Intersection of Engineering and Security: You will work side by side with engineering teams to shape how software is built, secured, and deployed. This role gives you the platform to influence architecture, development practices, and platform level controls.
Lead the Next Evolution of AppSec: You will help define how modern security teams leverage automation and intelligent systems to scale. From secure by design patterns to autonomous testing and remediation, you will be pushing the boundaries of how security is done.
High Ownership, High Leverage: You will have the autonomy to identify problems, design solutions, and implement them end to end. The work you do will scale across teams and services, amplifying your impact well beyond a single application or domain.
Be Human With Us:
Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.
Use of AI Technology:
We use technology, including automated and AI-assisted tools, to support certain aspects of our recruitment process. These tools are designed to improve efficiency and enhance the candidate experience. AI tools are not used to make hiring decisions; all hiring decisions are made by our hiring teams.
What We Offer:
When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:
- Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
- Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
- Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.
At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
ServiceTitan is committed to fair and equitable compensation for all of our employees. We thoughtfully consider a wide range of factors when determining individual compensation. The expected salary range for this role for candidates residing in the United States is between $152,600 USD - $204,200 USD. Compensation for candidates residing outside the United States will vary by location and the specific salary range will be discussed during the hiring process. Actual compensation for an individual may vary depending on skills, performance over time, qualifications, experience, and location. In addition to the base salary, the total compensation package also includes an annual bonus, equity and a holistic suite of benefits.

Tips for Finding Green Card Sponsorship as an Application Security Engineer
Target employers with active PERM filings
Search the DOL's OFLC disclosure data for employers who have previously filed PERM certifications for security engineering titles. Companies with a filing history have established internal processes, meaning your case moves faster than at first-time sponsors.
Find green card sponsors using Migrate Mate
Filter Application Security Engineer roles by green card sponsorship history on Migrate Mate. You'll see which employers have sponsored foreign workers for similar titles, saving weeks of manual research before your first outreach.
Clarify job duties to satisfy PERM specificity
PERM requires your employer to advertise the exact role being sponsored. If your duties span both software development and security, work with HR to draft a job description that reflects the appsec scope accurately; a misclassified posting risks DOL rejection.
Understand the PERM recruitment window before accepting an offer
Your employer must run a mandatory 30-day DOL recruitment period and then wait 30 days before filing. Confirm this timeline during offer negotiations so your start date, any OPT or H-1B expiration, and the PERM filing window align without a gap in authorization.
Application Security Engineer Green Card Sponsorship: Frequently Asked Questions
Does an Application Security Engineer role qualify for EB-2 or EB-3 sponsorship?
Most Application Security Engineer positions qualify for both categories. EB-2 applies when the role requires a master's degree or equivalent experience in a specialized security discipline. EB-3 covers roles requiring at least a bachelor's degree. Your employer chooses the category when filing the PERM labor certification, so the job description's stated minimum requirements are what determine eligibility, not your personal credentials alone.
How is the green card process different from H-1B sponsorship for this role?
H-1B is a temporary status subject to annual cap lotteries and six-year limits. Green card sponsorship through PERM and an I-140 petition leads to permanent residency with no renewal concerns. There is no cap on EB-2 and EB-3 filings themselves, though per-country backlogs can extend wait times for nationals of India and China. The PERM process also requires your employer to run active recruitment, which H-1B does not.
What documentation do I need to support a PERM filing as an Application Security Engineer?
You'll need degree transcripts, any professional certifications like CISSP, CEH, or OSCP, and a detailed employment history showing progressive responsibility in application security. If your degree is not from a U.S. institution, a credential evaluation from a NACES-member organization is typically required. USCIS and DOL both review these records during the I-140 and PERM audit stages.
How do I find employers who actively sponsor green cards for security engineering roles?
Search for Application Security Engineer positions filtered by green card sponsorship on Migrate Mate. The platform surfaces employers with a documented history of PERM filings for similar titles, so you can prioritize outreach to companies that have already navigated the process rather than starting conversations with employers who are unfamiliar with it.
Can my employer start the PERM process while I'm on an H-1B, and will my status be protected?
Yes. Employers can file a PERM labor certification and an I-140 petition while you're in valid H-1B status. Under AC21 portability rules, once your I-140 is approved and your priority date is more than 180 days old, you gain significant flexibility to change employers or roles without losing your place in the green card queue. USCIS administers the I-140 stage after DOL certifies the PERM.