Skip to content
AbridgeAbridgeSan Francisco, CA

Staff Application Security Engineer

Lead application security initiatives as a technical leader on a new security team. Drive threat modeling, secure SDLC, code reviews, vulnerability management, and AI security for a healthcare AI platform.

228k – 290k/yr
Hybrid10+ YOESecurity Engineering

About the role

Secure Development & Architecture Leadership

  • Lead Threat Modeling and Design Reviews: Conduct advanced threat modeling and security architecture reviews for complex systems, new products, and platform initiatives.
  • Define Security Strategy: Define and implement the technical roadmap for the Application Security program, focusing on scalable assurance and proactive security measures.
  • Mentor and Enable: Act as a subject matter expert and trusted advisor to product and engineering teams, providing mentorship on security features, product defense, secure coding practices, application architecture, and vulnerability remediation strategies.
  • Conduct Training & Awareness: Develop training materials for engineers to build a foundation of security best practices.

Vulnerability Management & Incident Response

  • Code and Security Reviews: Perform and lead in-depth secure code reviews (both manual and tool-assisted) to identify complex security vulnerabilities and flaws, including logic and authorization vulnerabilities.
  • Internal Penetration Testing: Lead internal penetration testing engagements for net new products and historical systems.
  • Vulnerability Program Oversight: Design and enhance the end-to-end vulnerability management program for products and applications, ensuring timely identification, prioritization, and remediation of critical security issues.
  • Security Incident Response: Serve as an expert on products and applications for the security incident response team, assisting in investigating and resolving security events and incidents.

What You’ll Bring

  • 10+ years of direct experience in an Application Security role, with a demonstrated history of designing and implementing security improvements at scale.
  • Deep proficiency in one or more major programming languages (Python and NextJS a big plus) and a solid background in software development principles.
  • Extensive experience securing applications deployed in Cloud environments (GCP a big plus) and knowledge of containerization technologies (Kubernetes).
  • Expert-level knowledge of web application security techniques and principles, APIs, IAM (including identity, authentication/authorization, RBAC, ABAC), applied cryptography.
  • Deep understanding of the security of AI and ML models, agents, and associated systems.

Bonus Points If…

  • Proven experience contributing to or leveraging open-source security tools, publishing security research, managing bug bounty programs, and active engagement in the security industry.
  • Demonstrated ability to drive large, cross-functional technical projects that impact security posture across the entire organization.
  • Experience defining and utilizing security metrics to measure and report on the effectiveness of the AppSec program to both technical and executive audiences.

Skills

PythonNext.jsGCPKubernetesThreat ModelingSecure Code ReviewPenetration TestingIAMApplied CryptographyAi/Ml Security
Databricks

Senior Staff Software Engineer - Security Infrastructure

DatabricksMountain View, CA

Leads security infrastructure engineering at Databricks, plugging gaps in services, building large-scale distributed systems, and defining data security strategy. Requires 9+ years in security, 15+ in distributed systems, MS/PhD, and expertise in areas like Kubernetes security and cryptography.

228k – 304k/yr
On-site9+ YOESecurity Engineering
Gusto

Senior Staff Security Engineer - Network Security

GustoSan Francisco, CA

Leads edge and network security strategy, owning Cloudflare WAF, DDoS protection, Zero Trust, and AWS perimeter controls. Partners with teams to implement layered defenses, policy-as-code, detections, and AI-assisted automations. Requires 10+ years experience with deep Cloudflare and network expertise.

230k – 270k/yr
Hybrid10+ YOESecurity Engineering
Temporal

Staff Cloud Security Engineer

TemporalUnited States

As a Staff Cloud Security Engineer, you will collaborate with product and engineering teams to integrate security principles into the design and architecture of cloud infrastructure. You will secure core platform components, conduct threat modeling, and manage cloud security posture.

225k – 275k/yr
Remote5+ YOESecurity Engineering
6sense

Staff Security Engineer - SecOps & Threats

6senseUnited States

Leads SecOps and threat response, including incident handling, forensics, automation building, and threat exercises. Requires 5+ years in Security Operations, automation experience, and familiarity with security tools like SIEM, SOAR, and AWS.

231k – 266k/yr
Remote5+ YOESecurity Engineering
Databricks

Staff Product Security Engineer

DatabricksCalifornia

Staff Security Software Engineer leading architecture, standards, and development of AI security tooling, threat detection, and red-teaming platforms at Databricks. Requires 7-10 years security engineering experience, expert Python skills, and deep AI/ML security expertise.

231k – 398k/yr
Remote7+ YOESecurity Engineering