# Full Stack Security Engineer

**Company:** [Runpod](https://hotfix.jobs/companies/runpod)
**Location:** Remote
**Role:** Security Engineering
**Salary:** $152k – $175k/yr
**Experience:** 5+ years
**Skills:** Application Security, Python, Go, JavaScript, TypeScript, Owasp Top 10, Api Security, OAuth, OIDC, Jwt, Burp Suite, Zap, SAST, DAST, Sca
**Posted:** 2026-07-15

> Full Stack Security Engineer embedding with engineering teams to secure Runpod's AI cloud platform. Lead threat modeling, fix vulnerabilities by writing code in Python/Go/TS, implement DevSecOps pipelines, and champion security across web apps, APIs, and microservices.

## Job Description

## Responsibilities
- Lead threat modeling, architecture reviews, and code reviews for web applications, APIs, and microservices.
- Actively develop and commit code to fix security flaws in Python, Go, or JavaScript/TypeScript codebases.
- Implement, tune, and manage security testing tools (SAST, DAST, SCA) within CI/CD pipelines.
- Configure and manage application-layer security controls including WAF, bot protection, and API gateways.
- Provide security guidance, secure coding training, and standard operating procedures to development teams.
- Collaborate on product-level compliance with SOC 2, ISO 27001, GDPR and participate in bug bounty triage.

## Requirements
- 5+ years of experience in application security, product security, or as a software engineer with heavy security focus.
- Strong programming and code-review skills in Python, Go, JavaScript/TypeScript or similar.
- Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and authentication (OAuth, OIDC, JWT).
- Hands-on experience with offensive web security testing tools (Burp Suite, ZAP).
- Experience building and maintaining automated security pipelines (DevSecOps).
- Ability to translate complex security risks into actionable engineering tasks.

## Nice-to-Haves
- Relevant certifications (OSWE, GWAPT, CISSP).
- Experience securing cloud-native applications on Kubernetes/Docker.
- Background managing bug bounty programs or coordinated vulnerability disclosures.

## Compensation & Benefits
- Base pay: $152,000 - $175,000 (may vary by experience, qualifications, and location).
- Meaningful equity (stock options for all team members).
- Generous medical, dental & vision plans.
- Flexible PTO.
- $1,200 home office & equipment stipend.
- Remote-first with Slack-based collaboration.

## Similar roles

- [Cloud Infrastructure Security Engineer](https://hotfix.jobs/jobs/c1242456-9dcd-4b44-b9cb-d19a59d3edac) - Runpod - Remote - $152k – $175k/yr
- [Manager, Product Security](https://hotfix.jobs/jobs/bf4497bd-cd12-4187-8e81-2050865a76f5) - Chime - San Francisco, CA - $152k – $210k/yr
- [Threat Intelligence Researcher (Cloud)](https://hotfix.jobs/jobs/d96cf3cb-eae0-4049-a146-831c6d933b20) - Wiz - Remote - $151k – $208k/yr
- [Software Engineer, Identity](https://hotfix.jobs/jobs/95795ec8-bfd1-44c8-a7a1-b16c9be3d31b) - Mercor - San Francisco, CA - $150k – $325k/yr
- [IT Security Operations Engineer](https://hotfix.jobs/jobs/ab8df8f3-05c1-4b41-a516-c95445575498) - AKASA - San Francisco, CA - $150k – $190k/yr

**Apply:** https://hotfix.jobs/jobs/8663cf4e-df75-4318-9410-189edd5593cc
**Canonical:** https://hotfix.jobs/jobs/8663cf4e-df75-4318-9410-189edd5593cc