Staff Security Application Engineer
Keeper Security
Keeper Security is hiring an Application Security Engineer to own and advance our in-house application security program. This hands-on role will focus on penetration testing, bug bounty management, and security research to strengthen the security posture of Keeper’s globally distributed platform. You will work directly with our CTO, partner with third-party security testing firms, and collaborate with our development teams to identify, triage, and remediate vulnerabilities.
Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 21 languages and is sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and help secure our industry-leading platform.
About Keeper
Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.
About the Role
The Application Security Engineer will be responsible for executing and scaling Keeper’s application security initiatives. This includes performing internal penetration testing, collaborating with third-party security partners, managing our bug bounty program, and conducting security research to identify emerging threats. You will play a critical role in shaping the security posture of our applications and directly contribute to reducing risk across Keeper’s global platform.
Responsibilities
- Perform internal application penetration testing and vulnerability assessments for Java- and React-based applications
- Collaborate with 3rd-party penetration testing firms and validate findings
- Own and manage Keeper’s bug bounty program, including triage and coordination with engineering teams
- Conduct security-focused R&D to identify emerging threats and recommend mitigations
- Work with development teams to integrate security into the SDLC and assist with remediation guidance
- Develop and maintain application security tooling, scripts, and automation where applicable
- Provide clear documentation and reporting of vulnerabilities, risks, and security recommendations
Qualifications
- 5+ years of experience in application security or penetration testing roles
- 7+ years of experience with Java (backend) and React (frontend) for security testing and review
- Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, or similar
- Solid understanding of web application security, OWASP Top 10, and secure coding practices
- Experience managing bug bounty programs (HackerOne, Bugcrowd, etc.)
- Familiarity with common application frameworks, APIs, and cloud-native environments
- Strong analytical and problem-solving skills
- Excellent communication skills for working with developers and leadership
Preferred Qualifications
- Offensive Security certifications (OSCP, OSWE, or equivalent)
- Experience with security automation and scripting (Python, Bash, or similar)
- Familiarity with secure SDLC processes and CI/CD integration
- Background in security R&D, vulnerability research, or exploit development
- Experience with compliance frameworks (SOC 2, FedRAMP, or similar)
Benefits
- Medical, Dental & Vision (Inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
- Voluntary Short/Long Term Disability Insurance
- 401k (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc.)
Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Classification: Exempt