Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.
190k – 273k/yr
Remote5+ YOESecurity Engineering
About the role
Secure SDLC, design review, and threat modeling
Own and continuously improve the secure software development lifecycle for Apollo applications so security is embedded into design, implementation, and deployment.
Perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features before launch.
Provide practical security architecture guidance to Engineering, Product, and IT teams.
Help define and maintain application-security guardrails, secure design expectations, code review standards, and risk models for new and existing systems.
Vulnerability management and hands-on remediation
Drive execution-heavy vulnerability management across internal reviews, bug bounty, pentests, SCA/runtime findings, and other research signals, ensuring findings are validated, prioritized, routed clearly, and tracked through remediation and verification within SLAs.
Go beyond identifying issues: read the code, explain root cause, propose the safest fix, and directly implement or support remediation when needed for complex vulnerabilities.
Perform hands-on validation and offensive security testing of applications and fixes, including exploit development, bypass testing, adversarial thinking, and focused red-team-style exercises.
Work across common SaaS application security issues including authentication and authorization weaknesses, access control risks, OAuth and CSRF design flaws, SSRF, cryptographic and verification issues, information disclosure and data exposure risks, unsafe execution and deserialization patterns, and dependency or runtime vulnerabilities.
Apply clear, risk-based severity decisions using exploitability, data sensitivity, customer impact, and blast radius.
Tooling, automation, and AI
Configure and improve AppSec tooling and integrations, including SAST configuration, ignore lists, dashboards, and other controls that maintain useful coverage without excessive noise.
Select, build, or refine security tooling, small automations, and workflow enrichments that reduce manual effort and scale AppSec operations responsibly.
Use AI to automate, transform, and scale security and engineering-adjacent processes where it materially improves speed, consistency, or signal quality.
Embed AI-specific security checks into SSDLC reviews and code analysis, including input and output handling, AI-exposed APIs, prompt and response guardrails, and abuse or data-exfiltration paths.
Partner cross-functionally on AI security requirements and controls so AI systems and AI-powered features are designed, deployed, and operated securely.
Engineering enablement and partnership
Support and scale security enablement for engineers and security champions, including secure coding, AppSec, and AI-safety content.
Provide actionable remediation guidance, secure patterns, and examples that help engineering teams fix issues quickly and correctly.
Partner closely with Engineering, Product, Platform, Data, Legal, and other security teams to keep AppSec priorities aligned with business risk and product velocity.
Produce clear documentation, metrics, and written narratives that improve AppSec visibility, observability, and decision-making.
Lead product security for a fintech credit card infrastructure platform. Own API security, auth strategy, fraud primitives, secure SDLC, and compliance for partner-facing services. Hands-on engineering role reporting to Head of Engineering.
190k – 260k/yr
On-site7+ YOESecurity Engineering
Senior Software Engineer - Security
SkydioSan Mateo, CA
Designs, reviews, and builds security systems for multi-tenant cloud and corporate environments, including architecture guidance, internal tooling like WAF and vuln management, and compliance controls. Requires 5+ years in cloud security, AWS expertise, and strong Python/Go coding skills.
Senior Security Engineer drives security solutions for Sentry's cloud-based application and Kubernetes platform, partnering with engineering on architecture, threat modeling, and implementations. Requires 6+ years experience securing distributed systems, cloud/container environments, and programming in Python/Go/Rust.
190k – 280k/yr
Hybrid6+ YOESecurity Engineering
Senior Software Engineer, Anti-Abuse & Security
ReplitFoster City, CA
Builds AI-powered anti-abuse detection systems using LLMs to combat phishing, cryptomining, and platform exploitation at scale. Requires 4+ years in security engineering with Python/TypeScript and data analysis experience.
190k – 240k/yr
Hybrid4+ YOESecurity Engineering
Senior Infrastructure Security Engineer
DropboxUnited States
Senior security engineer focused on securing AI/agentic infrastructure, LLM/RAG systems, identity for non-human workloads, and cloud/K8s platforms. Requires 9+ years experience and strong scripting skills.