# Security engineer, application security

**Company:** [Writer](https://hotfix.jobs/companies/writer)
**Location:** New York, NY, San Francisco, CA
**Role:** Security Engineering
**Salary:** $119k – $210k/yr
**Experience:** 4+ years
**Skills:** SAST, DAST, DevSecOps, Python, Java, Go, JavaScript, TypeScript, Threat Modeling, Penetration Testing, CI/CD, Vulnerability Management
**Posted:** 2026-05-11

> Builds security into AI platform through threat modeling, SAST/DAST in CI/CD, code reviews, and secure architecture design. Requires 4+ years app sec experience, programming in Python/Java/Go/JS, and DevSecOps tools expertise.

## Job Description

## Responsibilities
- Build security into the AI platform by conducting threat modeling sessions with product teams, designing secure architectures for new features, and ensuring security considerations shape product decisions from day one.
- Own and evolve the application security program including establishing and maintaining SAST/DAST scanning in CI/CD pipelines, conducting security code reviews for critical changes, and building automation that catches vulnerabilities before production.
- Partner with engineering teams to establish and champion secure coding standards, creating reusable security patterns and libraries.
- Design and recommend security features and products that help secure customer environments.
- Integrate and leverage AI agents to increase velocity for the security team and engineering org while minimizing risk.
- Lead security assessments and penetration testing of applications, AI services, and APIs, identifying and remediating vulnerabilities.
- Design and implement security controls for protecting data pipelines, model training environments, and customer-facing AI agents.
- Stay ahead of emerging threats in the AI/ML security landscape, researching attack vectors specific to LLMs and generative AI, and building defenses.

## Requirements
- Minimum 4 years of hands-on experience in application security engineering, securing large-scale production systems (bonus: fast-growing startups or high-growth environments).
- Understanding of developer experience and workflows, balancing risk reduction with engineering velocity.
- Technical expertise in at least two programming languages (**Python**, **Java**, **Go**, **JavaScript/TypeScript**) and ability to review code across multiple languages.
- Knowledge of security tools and methodologies including **SAST/DAST** solutions, vulnerability management platforms, security testing frameworks, and **DevSecOps** practices.
- Excellent communication skills to translate complex security concepts for technical and non-technical audiences.
- Builder's mindset focused on automation, scaling, and empowerment.

*Open to Mid, Sr., and Staff level candidates.*

## Similar roles

- [Security & Compliance Operations Manager](https://hotfix.jobs/jobs/90ac6643-526f-4aeb-bb4f-d71bc1af1fcd) - Mintlify - San Francisco, CA - $120k – $180k/yr
- [Product Security Manager](https://hotfix.jobs/jobs/e6c7e91d-a178-4872-8fa5-f6af356137a5) - Northwood Space - Los Angeles, CA - $120k – $190k/yr
- [Security Engineer, Platform](https://hotfix.jobs/jobs/9b7bcfc9-794a-41cb-87d5-a10b2e936fc2) - Resend - Remote - $120k – $140k/yr
- [Cloud Security Engineer](https://hotfix.jobs/jobs/d46a9bb9-c703-4b78-8ad4-97ec5891b112) - WorkWave - Remote - $120k – $145k/yr
- [System Safety Engineer, Autonomy Trucking](https://hotfix.jobs/jobs/c0bddf4e-fb45-4eb3-858f-068e881e5c48) - Applied Intuition - Sunnyvale, CA - $118k – $250k/yr

**Apply:** https://hotfix.jobs/jobs/9628b13e-773c-473a-9e94-16d7d5cf2900
**Canonical:** https://hotfix.jobs/jobs/9628b13e-773c-473a-9e94-16d7d5cf2900