Skip to content
OneleetOneleetBeaverton, OR

Application Security Engineer

Application Security Engineer building and tuning the security judgment layer for a cybersecurity platform, integrating tooling, reducing noise, and partnering with product and engineering teams.

Salary not listed
Remote5+ YOESecurity Engineering

About the role

Key Responsibilities

  • Own the integration, configuration, and output quality of security tooling that powers our platform
  • Tune outputs to maximize signal and minimize noise — decide what to surface, what to suppress, and what to enrich
  • Design rules, severity scoring, and triage flows that make findings actionable rather than overwhelming
  • Build the security judgment layer on top of underlying tooling — context-aware prioritization and exploitability reasoning
  • Partner with engineers on how findings are presented in the UI and how remediation flows work
  • Work with PM and design on roadmap priorities, providing the security expertise that drives what to build next
  • Review and shape architectural choices that affect security outcomes
  • Engage with customers directly to understand how they use the platform and what's blocking adoption
  • Benchmark our output quality against competitors and close gaps where they exist
  • Contribute back to the open source security tooling we depend on where it makes sense

Qualifications

  • 5+ years of application security experience, with significant time shipping security products
  • Strong programming skills in at least one of Go, Python, or TypeScript
  • Hands-on experience tuning security tooling for production use — reducing false positives, building suppression logic, designing severity models
  • Understanding of vulnerability research, CVE/CWE taxonomies, and exploit reasoning
  • Experience determining what makes a security finding actionable vs. just technically true
  • Excellent communication skills and comfort working directly with customers
  • Pragmatic approach to building things fast without unnecessarily complicating things
  • Experience thriving in a fast-moving, start-up engineering environment

Nice-to-Haves

  • Prior experience shipping a security product at a vendor
  • Contributions to open source security tooling
  • Offensive security background or OSCP / similar certifications
  • Hands-on experience with LLM agents, tool use, or autonomous AI systems

Skills

Application SecurityGoPythonTypeScriptSecurity ToolingVulnerability ResearchCveCweFalse Positive ReductionSeverity ScoringExploit ReasoningOpen Source Security
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering
Zocdoc

Application Security Engineer

ZocdocUnited States

Application Security Engineer partnering with engineering teams to embed security into the SDLC, triage SAST/SCA findings, provide remediation guidance on OWASP issues, maintain security docs/playbooks, support governance/audits, and integrate GenAI tools while building AI governance guardrails.

100k – 140k/yr
RemoteSecurity Engineering
Cloudflare

Detection & Mitigation Engineer

CloudflareUnited States

Security Detections Engineer identifying attacker TTPs, building real-time detections, and mitigating threats/abuse across Cloudflare's global platform using data analysis, SQL, scripting, and threat intelligence. Requires strong analytical and communication skills.

Salary not listed
HybridSecurity Engineering
Mintlify

Security & Compliance Operations Manager

MintlifySan Francisco, CA

Own and run Mintlify's end-to-end security and compliance programs (SOC 2, ISO 27001/42001, GDPR, Microsoft SSPA) as the first dedicated GRC Program Manager. Administer Drata, manage audits/vendors/evidence, handle customer-facing compliance, and coordinate with engineering.

120k – 180k/yr
On-site3+ YOESecurity Engineering