# Security engineer, application security **Company:** [Writer](https://hotfix.jobs/companies/writer) **Location:** New York, NY, San Francisco, CA **Salary:** $119K-$210K **Experience:** 4+ years **Skills:** SAST, DAST, DevSecOps, Python, Java, Go, JavaScript, TypeScript, Threat Modeling, Penetration Testing, CI/CD, Vulnerability Management **Posted:** 2026-05-11 > Builds security into AI platform through threat modeling, SAST/DAST in CI/CD, code reviews, and secure architecture design. Requires 4+ years app sec experience, programming in Python/Java/Go/JS, and DevSecOps tools expertise. ## Job Description ## Responsibilities - Build security into the AI platform by conducting threat modeling sessions with product teams, designing secure architectures for new features, and ensuring security considerations shape product decisions from day one. - Own and evolve the application security program including establishing and maintaining SAST/DAST scanning in CI/CD pipelines, conducting security code reviews for critical changes, and building automation that catches vulnerabilities before production. - Partner with engineering teams to establish and champion secure coding standards, creating reusable security patterns and libraries. - Design and recommend security features and products that help secure customer environments. - Integrate and leverage AI agents to increase velocity for the security team and engineering org while minimizing risk. - Lead security assessments and penetration testing of applications, AI services, and APIs, identifying and remediating vulnerabilities. - Design and implement security controls for protecting data pipelines, model training environments, and customer-facing AI agents. - Stay ahead of emerging threats in the AI/ML security landscape, researching attack vectors specific to LLMs and generative AI, and building defenses. ## Requirements - Minimum 4 years of hands-on experience in application security engineering, securing large-scale production systems (bonus: fast-growing startups or high-growth environments). - Understanding of developer experience and workflows, balancing risk reduction with engineering velocity. - Technical expertise in at least two programming languages (**Python**, **Java**, **Go**, **JavaScript/TypeScript**) and ability to review code across multiple languages. - Knowledge of security tools and methodologies including **SAST/DAST** solutions, vulnerability management platforms, security testing frameworks, and **DevSecOps** practices. - Excellent communication skills to translate complex security concepts for technical and non-technical audiences. - Builder's mindset focused on automation, scaling, and empowerment. *Open to Mid, Sr., and Staff level candidates.* **Apply:** https://hotfix.jobs/jobs/security-engineer-application-security-at-writer-9628b13e-773c-473a-9e94-16d7d5cf2900 **Canonical:** https://hotfix.jobs/jobs/security-engineer-application-security-at-writer-9628b13e-773c-473a-9e94-16d7d5cf2900