Application Security Engineer Jobs for OPT Students
Application Security Engineer jobs are consistently sponsored on OPT, with employers ranging from fintech and cloud infrastructure firms to enterprise software companies. Most roles require a computer science or cybersecurity degree, making them a strong fit for STEM OPT's 24-month extension. Cap-exempt employers and government contractors frequently hire in this field.
See All Application Security Engineer JobsOverview
Showing 5 of 64+ Application Security Engineer jobs
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
Have you applied for this role?
See all 64+ Application Security Engineer jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Application Security Engineer roles.
Get Access To All JobsPosition- Application Security Engineer -Need candidates from Mobile development back ground
Location: Irving TX- Hybrid (min. 3 days’ work from office)
We should prioritize candidates who were developers before moving into Application Security, as they will be better equipped to conduct deep code reviews and design assessments.
Please avoid profiles that are primarily:
- SOC Analysts
- GRC / Compliance-focused
- Network Security Engineers
- Pure Penetration Testers without architecture review experience
Please note that there will be 2 rounds of customer interview. First round will be a video call and 2nd round should be in person in customer’s office in Irving, TX.
We need to focus on candidates with the following mandatory experience:
1. Core Application Security Experience
- Hands-on experience performing application security assessments
- Architecture-level security reviews and secure deployment assessments
- Strong experience in Threat Modeling (STRIDE / Attack Surface Analysis / Abuse Case Modeling)
- Experience working directly with engineering teams during design and release cycles
- Secure SDLC implementation and security sign-off experience
2. Mobile / IoT / AI Systems Exposure (Critical)
- Security assessment of large-scale mobile applications (iOS and/or Android)
- Experience reviewing mobile application architecture and backend integrations
- Exposure to IoT-connected systems and device-to-cloud security models
- Experience assessing AI/ML-enabled systems (API abuse, data leakage risks, model exposure risks)
We are looking for candidates who can evaluate security posture at system and architecture level.
3. Strong Development Background (Mandatory)
Candidates must have hands-on development experience in one or more of the following:
- Swift (iOS)
- Java / Kotlin (Android or backend)
- Scala (backend systems)
- Python (backend / AI systems)
- C / C++ (IoT / embedded systems)
Position- Application Security Engineer -Need candidates from Mobile development back ground
Location: Irving TX- Hybrid (min. 3 days’ work from office)
We should prioritize candidates who were developers before moving into Application Security, as they will be better equipped to conduct deep code reviews and design assessments.
Please avoid profiles that are primarily:
- SOC Analysts
- GRC / Compliance-focused
- Network Security Engineers
- Pure Penetration Testers without architecture review experience
Please note that there will be 2 rounds of customer interview. First round will be a video call and 2nd round should be in person in customer’s office in Irving, TX.
We need to focus on candidates with the following mandatory experience:
1. Core Application Security Experience
- Hands-on experience performing application security assessments
- Architecture-level security reviews and secure deployment assessments
- Strong experience in Threat Modeling (STRIDE / Attack Surface Analysis / Abuse Case Modeling)
- Experience working directly with engineering teams during design and release cycles
- Secure SDLC implementation and security sign-off experience
2. Mobile / IoT / AI Systems Exposure (Critical)
- Security assessment of large-scale mobile applications (iOS and/or Android)
- Experience reviewing mobile application architecture and backend integrations
- Exposure to IoT-connected systems and device-to-cloud security models
- Experience assessing AI/ML-enabled systems (API abuse, data leakage risks, model exposure risks)
We are looking for candidates who can evaluate security posture at system and architecture level.
3. Strong Development Background (Mandatory)
Candidates must have hands-on development experience in one or more of the following:
- Swift (iOS)
- Java / Kotlin (Android or backend)
- Scala (backend systems)
- Python (backend / AI systems)
- C / C++ (IoT / embedded systems)
How to Get Visa Sponsorship as an Application Security Engineer
Lead with your security certifications
OSCP, CEH, and Security+ certifications signal hands-on competence to hiring managers faster than a degree alone. OPT students who hold at least one recognized security credential move through technical screenings at a noticeably higher rate in this field.
Target STEM-designated program employers first
Application Security Engineering falls under CIP codes that qualify for the 24-month STEM OPT extension. Prioritize employers already familiar with STEM OPT obligations, since they understand the timeline and are far less likely to withdraw offers over authorization concerns.
Demonstrate experience with specific security frameworks
OWASP Top 10, NIST, and MITRE ATT&CK are referenced in most job descriptions. Calling out specific frameworks you have applied, not just studied, in your resume and cover letter directly addresses what hiring managers are screening for in this role.
Highlight any bug bounty or capture-the-flag experience
Practical proof of skill matters more in security than in most engineering disciplines. Bug bounty reports on HackerOne or CTF placements are legitimate portfolio items that demonstrate offensive and defensive competencies employers cannot easily assess from academic credentials.
Understand your employer's H-1B sponsorship history before applying
Application Security Engineers are in high demand, but sponsorship willingness varies significantly by company size and legal infrastructure. Researching a company's past H-1B filings through public OFLC disclosure data helps you prioritize employers likely to support long-term sponsorship after OPT.
Be specific about your OPT start date and STEM extension eligibility
Recruiters in security-sensitive industries need clear authorization timelines upfront. Stating your OPT end date and confirming STEM extension eligibility in your initial outreach eliminates ambiguity and positions you as a candidate who understands their own authorization, which builds recruiter confidence.
Application Security Engineer jobs are hiring across the US. Find yours.
Find Application Security Engineer JobsSee all 64+ Application Security Engineer jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Application Security Engineer roles.
Get Access To All JobsFrequently Asked Questions
Is Application Security Engineer a STEM OPT-eligible role?
Yes. Application Security Engineering roles typically fall under CIP codes in computer science and information security, both of which qualify for the 24-month STEM OPT extension. This gives eligible F-1 students up to three years of work authorization in total, making this one of the stronger fields for OPT students pursuing long-term U.S. employment.
Do employers in this field commonly sponsor OPT students?
Yes, particularly at mid-size and large technology companies, financial institutions, and cloud infrastructure firms. Application security is a specialist function with a well-documented talent shortage, which pushes many employers to sponsor candidates they would otherwise pass on. You can browse OPT-friendly Application Security Engineer openings directly on Migrate Mate, where listings are filtered for sponsorship willingness.
Can I work as an Application Security Engineer on OPT if my degree is in computer science rather than cybersecurity?
Yes. USCIS does not require your degree to be in cybersecurity specifically. A computer science, software engineering, or information systems degree is sufficient, provided your coursework or experience connects reasonably to the security function of the role. Most employers in this field regularly hire engineers with general CS backgrounds who have developed security specialization through coursework, certifications, or projects.
What should I do if a job posting says 'U.S. citizens or permanent residents only'?
This restriction almost always reflects government contracting requirements or access to classified systems, not a general sponsorship policy. For commercial application security roles without clearance requirements, most large employers do not impose this restriction. Focus your search on roles at companies without federal contract dependencies, and use Migrate Mate to filter for positions explicitly open to OPT applicants.
How early should I start my Application Security Engineer job search before my OPT start date?
Start at least three to four months before your expected OPT start date. Technical hiring processes in security often include multiple interview rounds, take-home assessments, and background checks that can run four to six weeks from first contact to offer. Beginning early leaves room to negotiate start dates that align with your EAD arrival and reduces the risk of accepting a role under time pressure.
See which Application Security Engineer employers are hiring and sponsoring visas right now.
Search Application Security Engineer Jobs