Skip to content
ReltioReltioUnited States

Staff Application Security Engineer

Staff Application Security Engineer defining and driving secure architecture, SDLC, threat modeling, and AI/agentic security guardrails for a cloud-native SaaS platform. Requires 8+ years in appsec or software engineering with technical leadership experience.

114k – 240k/yr
Remote8+ YOESecurity Engineering

About the role

Security Architecture & Technical Leadership

  • Serve as the senior application security subject matter expert, providing guidance on industry best practices, secure design patterns, and defense-in-depth strategies for the product security architecture.
  • Define and drive the overall application/product security architecture, vision, strategy, and roadmap across the platform and services.
  • Influence engineering architecture and roadmap decisions without direct authority, driving risk-based consensus across teams.
  • Mentor and uplevel application security engineers and development teams, raising the secure-coding maturity of the broader organization.

Secure Development Lifecycle & Shift-Left

  • Embed security throughout the SDLC, from design through deployment, and define secure coding standards and best practices adopted across teams.
  • Drive shift-left initiatives by providing guidance, tooling, paved-road patterns, and remediation support that enable engineers to build securely from the outset.

CI/CD Pipeline Security

  • Design and implement security controls within CI/CD pipelines, enabling automated security testing and vulnerability detection at scale.
  • Operationalize SAST, SCA, DAST, and secrets scanning as policy-driven, low-friction gates; partner with release management on secure deployment checks and policy compliance.

Threat Modeling & Risk Assessment

  • Lead threat modeling sessions for complex, high-impact systems to identify and mitigate security risks early in design and architecture phases.
  • Perform technical risk assessments of new technology and ensure solutions meet secure architecture designs; assess, measure, and clearly communicate risk impact to stakeholders.

Vulnerability Management

  • Analyze and validate remediation of application security findings from SAST, SCA, DAST, API testing, penetration tests, and manual assessments.
  • Drive risk-based prioritization of fixes, reduce false positives, and provide clear, actionable remediation guidance with proper pre-release validation.

API Security

  • Partner with engineering to ensure secure API design and implementation; identify and mitigate authentication/authorization issues, data exposure, rate-limiting gaps, and OWASP API Top 10 risks.

AI & Agentic Security

  • Define AI security guardrails for AI and multi-agent platforms, addressing prompt/output validation, insecure model usage, data leakage, and tenant-isolation concerns.
  • Establish security standards for Model Context Protocol (MCP) servers and tools—covering tool authorization, scoping, and abuse prevention—and lead threat modeling of agentic workflows (autonomous tool use, indirect prompt injection, excessive agency).
  • Develop new defense techniques to detect and stop advanced application- and AI-layer adversary tactics, and evaluate AI-assisted security tooling to scale detection and remediation.

Penetration Testing & Security Validation

  • Perform and oversee application, API, and AI/agent penetration testing; build and curate test payloads (including prompt-injection and guardrail bypass suites) and validate control effectiveness.

Training, Collaboration & Continuous Improvement

  • Deliver secure-coding, API, and AI-security guidance and hands-on support during code and design reviews.
  • Partner with DevOps, QA, Engineering, Product, and Release Management to integrate security requirements throughout development and release.
  • Stay current on emerging application, API, and AI/agentic security threats and continuously improve security processes, tooling, and overall posture.
  • Investigate security events and incidents leveraging security tooling, and support customer-facing security communications as needed.

Requirements

  • 8+ years of experience in application security or software development, including significant time in a cloud-native or SaaS environment.
  • Demonstrated technical leadership as a senior individual contributor: setting standards, driving cross-team initiatives, and influencing architecture without direct authority.
  • Hands-on experience with secure coding practices and modern application development; proficiency leading secure code reviews.
  • Strong understanding of cloud well-architected frameworks, application development, and deployment workflows.
  • Strong understanding of application security vulnerabilities (OWASP Top 10) and prevention strategies.
  • Strong understanding of API security principles and the OWASP API Top 10.
  • Experience integrating security into CI/CD and release management processes (e.g., Jenkins, ArgoCD, or similar).
  • Experience with application security testing methodologies—SAST, SCA, and DAST—integrated into CI/CD pipelines.
  • Experience with AI security concepts, including guardrails, prompt and output validation, data protection, and MCP security.
  • Hands-on experience with web technologies such as Java, Java Spring Boot, JavaScript, Node.js, C#, modern UI frameworks, microservices, and cloud-native/serverless.

Skills

Application SecuritySecure SdlcThreat ModelingSASTScaDASTOwasp Top 10Api SecurityAi SecurityPrompt InjectionMcp SecurityJavaSpring BootJavaScriptNode.js
MongoDB

Security Software Engineer, Infrastructure Security (Staff or Senior)

MongoDBAustin, TX +2

Designs and builds scalable security controls and services for MongoDB Atlas multi-cloud infrastructure using Linux mechanisms, Kubernetes, and eBPF. Requires 5+ years experience in software/SRE with security focus, proficiency in systems programming, and cloud platforms.

127k – 249k/yr
Remote5+ YOESecurity Engineering
Kraken

Staff Security Architect

KrakenUnited States

Design and review security architectures for Kraken's crypto products, conduct assessments, and provide hands-on security consulting across blockchain, infrastructure, and AI projects.

127k – 254k/yr
RemoteSecurity Engineering
Cribl

Staff Security Operations Engineer

CriblUnited States

Lead security operations and threat detection engineering for a remote-first telemetry platform company. Design detection logic, manage incidents, and optimize SIEM/EDR tooling.

128k – 200k/yr
Remote7+ YOESecurity Engineering
Shield AI

Staff International Security Specialist

Shield AIDallas, TX

Develops and manages integrated international security programs covering personnel, physical, communications, cyber, and information security. Requires 10+ years experience, bachelor's degree, and ability to obtain U.S. security clearance.

100k – 150k/yr
On-site10+ YOESecurity Engineering
Shield AI

Staff COMSEC Officer

Shield AIWashington, DC

As a Staff COMSEC Officer, you will manage, direct, and administer the company's COMSEC program, ensuring strict adherence to DoD policies and requirements. You will oversee the full lifecycle of programs, act as the primary interface with government agencies, and manage COMSEC compliance for deployed networks.

100k – 150k/yr
On-site5+ YOESecurity Engineering