Identifies and mitigates application security vulnerabilities through code reviews, penetration testing, and security assessments. Collaborates with development teams to integrate secure coding practices and provides guidance on threats and remediation.
260k – 385k/yr
HybridSecurity Engineering
About the role
Responsibilities
Perform security assessments: Conduct regular security assessments, code reviews, and penetration testing to identify vulnerabilities in applications and software.
Develop and implement security tools: Design, develop, and implement security tools, frameworks, and methodologies to protect applications against security threats.
Collaborate with development teams: Work closely with development teams to ensure security best practices are integrated throughout the software development lifecycle (SDLC), including secure coding guidelines.
Threat modeling and risk assessment: Conduct threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies.
Vulnerability management: Track, analyze, and manage vulnerabilities in applications, providing guidance and support for remediation efforts.
Incident response support: Assist in investigating, analyzing, and responding to security incidents related to applications, ensuring timely resolution and documentation of incidents.
Stay current on security trends: Continuously stay updated on the latest security threats, vulnerabilities, and technologies to enhance security measures in applications.
Requirements
Extensive experience in information security, cybersecurity, or a related field.
Deep understanding of security technologies, tools, and best practices, including secure coding practices, threat modeling, risk assessments, and incident response.
Experience in application security, software development, or related areas with a strong understanding of secure coding practices and application security frameworks.
Proficiency in programming languages (such as Python, Java, C++).
Knowledge of security tools (e.g., Burp Suite, OWASP ZAP).
Familiarity with security protocols and encryption methods.
Builds security primitives, platform mitigations, and leads vulnerability remediation for Ramp's financial platform. Partners with engineers for secure-by-design solutions. Requires 5+ years software experience, 2+ years in security/infrastructure.
258k – 355k/yr
Hybrid5+ YOESecurity Engineering
Security Research Manager, Coverage Team
SemgrepSan Francisco, CA +4
Leads a team of security researchers to develop high-quality detection rules for secrets, code, and supply chain vulnerabilities. Drives roadmap, automation with AI, and improves coverage accuracy; requires 5+ years security tech lead experience and 2+ years people management.
255k – 319k/yr
Hybrid5+ YOESecurity Engineering
Offensive Security Engineer
PerplexitySan Francisco, CA +1
Offensive Security Engineer conducts red team operations, penetration testing, and AI/ML attack simulations on cloud infrastructure, applications, and pipelines. Requires 5+ years experience in offensive security, expertise in cloud/web/K8s security, and custom tooling in Python/Go.
Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.
245k – 285k/yr
HybridSecurity Engineering
Security Engineer, Detection & Response
Scale AINew York, NY +3
Senior Security Engineer focused on building detection systems, incident response automation, and maturing telemetry pipelines across cloud environments. Requires 5+ years in detection engineering or security operations and production-grade coding skills.