Application Security Engineer

Who We Are

SmartRent (NYSE: SMRT) is revolutionizing how people live and work with the industry's only end-to-end platform designed for the rental housing industry. By uniting purpose-built software, integrated hardware and full implementation and support in one ecosystem, we help owners and operators simplify operations, cut costs and deliver exceptional resident experiences. Recognized by Deloitte, HousingWire and the PropTech Breakthrough Awards, SmartRent is shaping the future of property technology and redefining what it means to make rental housing smarter.

Job Description

The Application Security Engineer is responsible for supporting the security and privacy of the SmartRent platform through the management of information security risk, system resilience, and compliance activities. This role uses cloud-native and third-party security tools to protect company assets and data across multiple platforms.

This role partners with engineering, development, and external stakeholders to implement and maintain security policies, processes, and standards, including secure software development lifecycle (SDLC) practices. Success in this role requires strong communication skills, the ability to coordinate across multiple technical teams, and the ability to support consistent security practices across the organization.

Responsibilities

• Develop and execute a comprehensive application security strategy aligned with business objectives and industry standards.
• Maintain and advise on secure coding standards, security documentation, and application security processes.
• Deliver application security and privacy training for development teams.
• Review source code to identify security vulnerabilities, insecure patterns, secrets exposure, and risks associated with AI-generated code.
• Triage, reproduce, and support remediation of application vulnerabilities (e.g., SQL injection, XSS, access control weaknesses) identified through automated tools (SAST, DAST, SCA) or manual analysis.
• Manage application security workflows, including task prioritization, ticket tracking, and coordination with development and DevOps teams.
• Maintain and enhance SmartRent's responsible disclosure and vulnerability reporting program.
• Partner with developers to implement encryption, hashing, and secure key management practices.
• Collaborate with developers and engineering teams to perform threat modeling, identify attack paths, and assess weaknesses.
• Lead the investigation and mitigation of application-level security incidents, collaborating with the SOC and engineering teams to ensure rapid remediation and stakeholder communication.
• Provide guidance on security and privacy controls for cloud infrastructure (AWS), application development, and IoT hardware.
• Conduct regular application risk assessments to identify vulnerabilities and emerging threats.
• Research emerging cybersecurity risks and recommend mitigation strategies as appropriate.
• Perform adversarial testing and security validation of applications, including internal AI models and services.
• Use cloud-native security tools to identify and secure large language model (LLM) integrations and implement appropriate security guardrails.

Required Qualifications

• 4-6 years of experience in application security, including development and maintenance of security policies and collaboration with engineering and release teams.
• Experience identifying and remediating application vulnerabilities across modern programming languages, including Elixir, JavaScript, Ruby, Python, or similar languages.
• Strong knowledge of OWASP Top 10, OWASP API Top 10, and modern authentication mechanisms, including JWT and OAuth.
• Hands-on experience with application security tools, including SAST, DAST, and SCA platforms (e.g., GHAS, Burp Suite, Fortra, or similar tools).
• Experience working with cloud security controls, including AWS-native tools, web application firewalls (WAF), or similar technologies.
• Experience managing or supporting vulnerability disclosure or bug bounty programs.
• Strong written and verbal communication skills, with the ability to clearly communicate security requirements to technical teams.
• Demonstrated problem-solving and analytical skills in identifying and mitigating application security risks.

Preferred Qualifications

• Industry certifications such as CSSLP, GIAC GWAPT, CEH, or equivalent security certifications.
• Experience working with CloudFlare, AWS security services, or similar cloud-native security tools.
• Experience integrating security practices into SDLC processes.
• Experience supporting threat modeling or application security architecture reviews.

We Put Our Employees First

We offer a comprehensive and competitive benefits package designed to support your well-being and future. For our US employees, this includes medical, dental, vision, and life insurance with low deductibles and 75-100% employer contributions. We also provide flexible and generous PTO (because we know how important work-life balance is), a competitive 401(k) with employer contributions, paid parental leave, discounted insurance plans for pets and legal services and an employee stock purchase plan to help you invest in your future.

You'll fit right in if you:

• Do the hard work and go out of your way to deliver excellence

• Own outcomes and learn from your mistakes

• Are a collaborative and supportive team player-win or lose, you lift others up

• Value authenticity, diverse perspectives, and inclusion in the workplace

• Have a passion for smart tech and the real estate industry

Privacy Policy