# Staff AppSec Engineer

**Company:** [Upside](https://hotfix.jobs/companies/upside)
**Location:** Washington, DC
**Role:** Security Engineering
**Salary:** $210k – $230k/yr
**Experience:** 6+ years
**Skills:** Python, AWS, AWS Lambda, Aws Control Tower, Terraform, Github Advanced Security, GitHub Actions, SAST, Sca, IAM, Threat Modeling, Penetration Testing, Vulnerability Management, AI Tools
**Posted:** 2026-06-22

> Staff AppSec Engineer owning end-to-end vulnerability identification and remediation. Partner with engineering teams on secure development practices, threat modeling, and AWS security architecture while leveraging AI tools.

## Job Description

## Responsibilities
- Own identification and remediation of application vulnerabilities end-to-end
- Leverage AI tools to design and deliver scalable security solutions
- Execute automated security testing (SAST, SCA) and work directly with engineers to resolve findings
- Develop threat models and collaborate with product and engineering teams to surface, document, and prioritize risk
- Advise leadership on security architecture decisions and application security best practices
- Build developer security literacy through training, enablement, and vulnerability management guidance
- Participate in penetration testing efforts and support bug bounty program operations
- Contribute to the administration of AWS Control Tower and IAM provisioning workflows
- Stay current with the broader security community and bring emerging trends back to the team

## Requirements
- 6+ years in application security or product security, including hands-on experience reviewing Python code
- Track record of building and delivering solutions in vulnerability management programs
- Deep expertise in AWS security architecture, including Lambda and AWS Control Tower
- Demonstrated experience adopting and integrating AI tools into security or engineering workflows
- Strong communication and collaboration skills

## Nice-to-Haves
- Bachelor's degree in Computer Science, Engineering, or a related field preferred

## Tools & Technologies
- GitHub Advanced Security, GitHub Actions, GitHub Copilot
- Python
- Terraform
- AWS (Lambda, DynamoDB, S3, SNS, SQS, IAM, VPCs)
- ChatGPT
- Snowflake
- SQL

## Compensation & Benefits
- US base salary range: $210,000 - $230,000 + equity + benefits
- Medical, dental, and vision coverage starting on Day 1
- Equity (ISOs)
- 401(k) program
- Family planning programs + paid parental leave
- Physical fitness and wellness memberships
- Emotional and mental health support programs
- Unlimited PTO + 10 paid federal holidays + annual week-long Winter Break
- Flexible work environment
- Lunch reimbursement for in-office employees
- Employee Resource Groups
- Learning and Development stipend

## Similar roles

- [Staff Security Engineer, Application Security](https://hotfix.jobs/jobs/5214d92c-70cc-4cb3-aa3a-342e71db7789) - NinjaTrader - Chicago, IL - $210k – $260k/yr
- [Staff Corporate Security Engineer](https://hotfix.jobs/jobs/b96b394f-21ee-4d9d-8bd8-4c821ffcef81) - Crusoe - San Francisco, CA - $210k – $255k/yr
- [Staff Application Security Engineer](https://hotfix.jobs/jobs/7ac2e48a-851e-4e49-8cb6-83a44f82862c) - Upside - Remote - $210k – $230k/yr
- [Senior/Staff Software Systems Engineer](https://hotfix.jobs/jobs/778eda2f-9ba1-4e9e-9093-db9a8854300c) - Zoox - Foster City, CA - $208k – $300k/yr
- [Staff Software Engineer - Trust & Safety](https://hotfix.jobs/jobs/75025b27-cc32-4ffc-9305-540d29ca5599) - Rula - Remote - $207k – $243k/yr

**Apply:** https://hotfix.jobs/jobs/276da52a-633e-4899-bbe1-257843a4fa8b
**Canonical:** https://hotfix.jobs/jobs/276da52a-633e-4899-bbe1-257843a4fa8b