Senior Application Security Engineer
Senior individual contributor responsible for strengthening Apollo's secure software development lifecycle, performing application security reviews, threat modeling, vulnerability management, and AI security for product, platform, and AI-powered features.
Secure SDLC, design review, and threat modeling
- Own and continuously improve the secure software development lifecycle for Apollo applications so security is embedded into design, implementation, and deployment.
- Perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features before launch.
- Provide practical security architecture guidance to Engineering, Product, and IT teams.
- Help define and maintain application-security guardrails, secure design expectations, code review standards, and risk models for new and existing systems.
Vulnerability management and hands-on remediation
- Drive execution-heavy vulnerability management across internal reviews, bug bounty, pentests, SCA/runtime findings, and other research signals, ensuring findings are validated, prioritized, routed clearly, and tracked through remediation and verification within SLAs.
- Go beyond identifying issues: read the code, explain root cause, propose the safest fix, and directly implement or support remediation when needed for complex vulnerabilities.
- Perform hands-on validation and offensive security testing of applications and fixes, including exploit development, bypass testing, adversarial thinking, and focused red-team-style exercises.
- Work across common SaaS application security issues including authentication and authorization weaknesses, access control risks, OAuth and CSRF design flaws, SSRF, cryptographic and verification issues, information disclosure and data exposure risks, unsafe execution and deserialization patterns, and dependency or runtime vulnerabilities.
- Apply clear, risk-based severity decisions using exploitability, data sensitivity, customer impact, and blast radius.
Tooling, automation, and AI
- Configure and improve AppSec tooling and integrations, including SAST configuration, ignore lists, dashboards, and other controls that maintain useful coverage without excessive noise.
- Select, build, or refine security tooling, small automations, and workflow enrichments that reduce manual effort and scale AppSec operations responsibly.
- Use AI to automate, transform, and scale security and engineering-adjacent processes where it materially improves speed, consistency, or signal quality.
- Embed AI-specific security checks into SSDLC reviews and code analysis, including input and output handling, AI-exposed APIs, prompt and response guardrails, and abuse or data-exfiltration paths.
- Partner cross-functionally on AI security requirements and controls so AI systems and AI-powered features are designed, deployed, and operated securely.
Engineering enablement and partnership
- Support and scale security enablement for engineers and security champions, including secure coding, AppSec, and AI-safety content.
- Provide actionable remediation guidance, secure patterns, and examples that help engineering teams fix issues quickly and correctly.
- Partner closely with Engineering, Product, Platform, Data, Legal, and other security teams to keep AppSec priorities aligned with business risk and product velocity.
- Produce clear documentation, metrics, and written narratives that improve AppSec visibility, observability, and decision-making.