Leads the development and evolution of the Application Security program, integrating security practices into SDLC through threat modeling, code reviews, and pen testing. Collaborates with engineering teams on web, mobile, and API security for a SaaS platform; requires 10+ years experience building AppSec from inception.
Salary not listed
Remote10+ YOESecurity Engineering
About the role
What You'll Do
Establish and continuously improve the AppSec program's strategy, processes, and tooling.
Collaborate with engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing.
Participate in secure code review and penetration testing efforts.
Contribute to deep-dive security reviews of web, mobile, and API products.
Participate in security training and share learnings with the engineering team.
Assist in incident response.
Gain exposure to SAST/DAST tools and risk assessment.
Mentor junior members of the AppSec team.
What we are looking for
10+ years of experience in application security or related field.
Led inception of Application Security program from the ground up.
Solid understanding of security fundamentals and common vulnerabilities (e.g., XSS, CSRF, SQL Injection).
Ability to identify risks and collaborate with engineers.
Communicate security concepts to technical and non-technical audiences.
Preferred Qualifications
Familiarity with programming languages (C#, React, JavaScript, REST APIs).
Active in security community (B-sides, OWASP, GitLab contributions).
Benefits and Incentives
Competitive Base and Incentive Plan
Stock Options
Health and Welfare Plans*
Life and Disability Plans*
Retirement Plan*
Unlimited Flexible Paid Time Off, including birthday off
Senior Staff Security Engineer owning the roadmap for an AI-driven vulnerability scanning, triage, and automated remediation platform. Requires 8+ years in security engineering with deep cloud/container expertise, offensive security experience, and proficiency in Python/Go/Rust.
200k – 290k/yr
Remote8+ YOESecurity Engineering
Staff Software Engineer
PlaidNew York, NY +2
Staff Software Engineer building and leading development of Plaid's core security infrastructure including IAM, key management, encryption, and access control systems. Requires experience with scalable secure systems architecture plus technical leadership.
222k – 328k/yr
Hybrid7+ YOESecurity Engineering
Staff+ Application Security Engineer
AnthropicSan Francisco, CA +2
Staff Application Security Engineer focused on M&A due diligence and secure integration of acquired codebases and systems at Anthropic. Lead security assessments, risk readouts, post-close remediation and automation using Claude, while contributing to core AppSec work. Requires 7+ years AppSec experience, rapid codebase assessment skills, and coding ability.
320k – 485k/yr
Hybrid7+ YOESecurity Engineering
Staff Security Risk & Compliance Program Manager
ConfluentTexas
Own and evolve Confluent's internal access management program with focus on machine/workload identity, S2S auth, non-human identities, and AI agent controls. Set the Access Management Standard, own metrics/reporting/OKRs, and drive governance, risk reduction, and cross-functional execution for least-privilege outcomes.
222k – 261k/yr
Remote8+ YOESecurity Engineering
Senior/Staff Infrastructure Security Engineer
AbridgeSan Francisco, CA +1
Senior/Staff Infrastructure Security Engineer building self-service security platforms, automating DevSecOps workflows, and designing high-scale security data pipelines and IaC guardrails in a greenfield cloud-native environment at an AI healthcare company. Requires 8+ years software engineering experience with deep cloud and IaC expertise.