Skip to content
NinjaTraderNinjaTraderChicago, IL

Staff Security Engineer, Application Security

Staff Security Engineer owning application, API, and supply chain security domains. Hands-on role integrating security into engineering workflows via threat modeling, tooling (SAST/SCA/DAST), automation, and risk-based vulnerability management in cloud-native environments.

210k – 260k
Hybrid7+ YOESecurity Engineering

About the role

What you'll do

Own key security domains such as vulnerability management, application security, API security, and supply chain security.
Drive improvements in security coverage, prioritization, and remediation workflows.
Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
Provide actionable, pragmatic guidance that helps teams ship securely.
Develop and improve security tooling and automation to reduce manual effort.
Implement and tune tools for SAST, SCA, DAST, dependency security, and container security.
Leverage AI/LLMs where appropriate to improve triage, detection, and review processes.
Triage and prioritize vulnerabilities using risk-based approaches.
Partner with teams to ensure timely remediation of critical issues.
Help define and improve SLAs, metrics, and reporting.
Conduct threat modeling, design reviews, and security assessments.
Contribute to incident response and postmortems for security events.
Identify and help remediate systemic risks.

What you'll need

  • 7+ years of experience in Application Security, Product Security, or Security Engineering
  • Strong hands-on experience with threat modeling and secure design
  • Experience with vulnerability management and application security tooling
  • Experience working in cloud-native environments such as AWS and GCP
  • Experience integrating security into CI/CD pipelines and developer workflows
  • Ability to write code in Python, Go, or similar languages for automation and tooling
  • Strong ability to work cross-functionally with engineering teams

Bonus points for

  • Experience scaling security in a high-growth or late-stage startup
  • Familiarity with AI-driven security workflows or automation
  • Background in API security, data protection, or multi-tenant systems
  • Experience with bug bounty programs and penetration testing
  • Security certifications such as CISSP

Compensation

The salary range for this role will be $210,000.00 - $260,000.00 USD. In addition, this position will also receive an annual target bonus of 12%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%).

Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 23 days per year (some positions may qualify for more) plus seven paid holidays.

Skills

Application SecurityThreat ModelingVulnerability ManagementAWSGCPCI/CDPythonGoSASTScaDASTContainer Security
Upside

Staff AppSec Engineer

UpsideWashington, DC

Staff AppSec Engineer owning end-to-end vulnerability identification and remediation. Partner with engineering teams on secure development practices, threat modeling, and AWS security architecture while leveraging AI tools.

210k – 230k
Hybrid6+ YOESecurity Engineering
Crusoe

Staff Corporate Security Engineer

CrusoeSan Francisco, CA

Designs and implements Zero Trust, SASE, and identity-based security architectures to protect corporate networks, SaaS platforms, and AI systems. Requires 8+ years experience in SaaS security, IAM, DLP, and device trust.

210k – 255k
On-site8+ YOESecurity Engineering
Upside

Staff Application Security Engineer

UpsideWashington, DC

Staff-level AppSec engineer building secure coding practices and vulnerability management for a commerce platform. Requires 6+ years in application security with deep AWS and Python experience.

210k – 230k
Remote6+ YOESecurity Engineering
Zoox

Senior/Staff Software Systems Engineer

ZooxFoster City, CA

Design and implement formal methods, tools, and processes to verify safety-critical software for autonomous vehicles. Requires 7+ years experience, advanced degree, and strong background in formal verification, Python, and C++.

208k – 300k
Hybrid7+ YOESecurity Engineering
Rula

Staff Software Engineer - Trust & Safety

RulaLos Angeles, CA

Staff-level engineer to found and lead a new Trust & Safety engineering team, architecting systems to detect fraud, billing anomalies, and credential abuse for a mental healthcare platform.

207k – 243k
Remote8+ YOESecurity Engineering