# Staff Application Security Engineer

**Company:** [Abridge](https://hotfix.jobs/companies/abridge)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $228k – $290k/yr
**Experience:** 10+ years
**Skills:** Python, Next.js, GCP, Kubernetes, Threat Modeling, Secure Code Review, Penetration Testing, IAM, Applied Cryptography, Ai/Ml Security
**Posted:** 2026-06-10

> Lead application security initiatives as a technical leader on a new security team. Drive threat modeling, secure SDLC, code reviews, vulnerability management, and AI security for a healthcare AI platform.

## Job Description

## Secure Development & Architecture Leadership
- Lead Threat Modeling and Design Reviews: Conduct advanced threat modeling and security architecture reviews for complex systems, new products, and platform initiatives.
- Define Security Strategy: Define and implement the technical roadmap for the Application Security program, focusing on scalable assurance and proactive security measures.
- Mentor and Enable: Act as a subject matter expert and trusted advisor to product and engineering teams, providing mentorship on security features, product defense, secure coding practices, application architecture, and vulnerability remediation strategies.
- Conduct Training & Awareness: Develop training materials for engineers to build a foundation of security best practices.

## Vulnerability Management & Incident Response
- Code and Security Reviews: Perform and lead in-depth secure code reviews (both manual and tool-assisted) to identify complex security vulnerabilities and flaws, including logic and authorization vulnerabilities.
- Internal Penetration Testing: Lead internal penetration testing engagements for net new products and historical systems.
- Vulnerability Program Oversight: Design and enhance the end-to-end vulnerability management program for products and applications, ensuring timely identification, prioritization, and remediation of critical security issues.
- Security Incident Response: Serve as an expert on products and applications for the security incident response team, assisting in investigating and resolving security events and incidents.

## What You’ll Bring
- 10+ years of direct experience in an Application Security role, with a demonstrated history of designing and implementing security improvements at scale.
- Deep proficiency in one or more major programming languages (Python and NextJS a big plus) and a solid background in software development principles.
- Extensive experience securing applications deployed in Cloud environments (GCP a big plus) and knowledge of containerization technologies (Kubernetes).
- Expert-level knowledge of web application security techniques and principles, APIs, IAM (including identity, authentication/authorization, RBAC, ABAC), applied cryptography.
- Deep understanding of the security of AI and ML models, agents, and associated systems.

## Bonus Points If…
- Proven experience contributing to or leveraging open-source security tools, publishing security research, managing bug bounty programs, and active engagement in the security industry.
- Demonstrated ability to drive large, cross-functional technical projects that impact security posture across the entire organization.
- Experience defining and utilizing security metrics to measure and report on the effectiveness of the AppSec program to both technical and executive audiences.

## Similar roles

- [Senior Staff Software Engineer - Security Infrastructure](https://hotfix.jobs/jobs/4c67d9fe-747c-4ed3-b78c-6f23ff4f72d6) - Databricks - Mountain View, CA - $228k – $304k/yr
- [Senior Staff Security Engineer - Network Security](https://hotfix.jobs/jobs/b3535b21-0e8c-4e69-aecd-b17494a88ef6) - Gusto - San Francisco, CA - $230k – $270k/yr
- [Staff Cloud Security Engineer](https://hotfix.jobs/jobs/8fe78be8-d092-4bdc-ac5c-17728eab4438) - Temporal - Remote - $225k – $275k/yr
- [Staff Security Engineer - SecOps & Threats](https://hotfix.jobs/jobs/62e8a0f4-1c37-4793-82e8-64433efa09a2) - 6sense - Remote - $231k – $266k/yr
- [Staff Product Security Engineer](https://hotfix.jobs/jobs/cd737e9e-c3f6-4183-b501-3803d909819a) - Databricks - Remote - $231k – $398k/yr

**Apply:** https://hotfix.jobs/jobs/b3ddeca6-364c-483c-9405-353a2981dd71
**Canonical:** https://hotfix.jobs/jobs/b3ddeca6-364c-483c-9405-353a2981dd71