# Senior Security Engineer

**Company:** [Decagon](https://hotfix.jobs/companies/decagon)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $200k – $330k/yr
**Experience:** 5+ years
**Skills:** Threat Modeling, Secure Code Review, SAST, DAST, Iast, CI/CD, Owasp Top 10, Semgrep, Codeql, GCP, Ai/Ml Security, Prompt Injection Protection
**Posted:** 2026-04-10

> Leads application security strategy for AI conversational platform, designing controls, threat modeling, and testing programs (SAST/DAST/IAST). Requires 5+ years in app sec engineering, secure coding expertise, and CI/CD integration; AI/ML security experience preferred.

## Job Description

## Responsibilities
- Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management.
- Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design, coding, PR, and deployment.
- Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications.
- Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling.
- Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity.
- Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements.

## Requirements
- 5+ years of hands-on application security engineering experience.
- Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment.
- Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications.
- Experience implementing application security testing tools and integrating security into **CI/CD** pipelines.
- Knowledge of **OWASP Top 10**, common application vulnerabilities, and modern application security frameworks.
- Proven track record working with engineering teams to remediate security findings while balancing security and business requirements.

## Nice-to-Haves
- Experience securing **AI/ML** applications, including prompt injection, model extraction, and adversarial input protections.
- Background with large-scale, multi-tenant **SaaS** applications handling sensitive customer data.
- Familiarity with **Google Cloud** application security services and container security best practices.
- Knowledge of enterprise compliance requirements (**SOC 2**, **ISO 27001**, **GDPR**) from an application security perspective.
- Experience with modern security tools like **Semgrep**, **CodeQL**, **Cursor Bug Bot**, **XBOW**, or similar.

## Similar roles

- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Senior Software Engineer, Security Foundations](https://hotfix.jobs/jobs/8c688ac7-38e0-46a2-b2ba-354f76225dd9) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Threat Detection Researcher](https://hotfix.jobs/jobs/60492183-92a6-41ba-871a-dbb16f8bec0a) - Wiz - New York, NY - $200k – $250k/yr
- [Senior Software Engineer](https://hotfix.jobs/jobs/433780b4-d2fd-4bcc-9ee2-fcd1bd108c8b) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Senior Security Engineer](https://hotfix.jobs/jobs/fa234775-f608-479b-915b-0824104827f0) - Novig - New York, NY - $200k – $250k/yr

**Apply:** https://hotfix.jobs/jobs/c7457b3f-7ee3-4e5f-a3ec-927ace30f01e
**Canonical:** https://hotfix.jobs/jobs/c7457b3f-7ee3-4e5f-a3ec-927ace30f01e