Sr. Application Security Engineer

Hands-on technical leader securing a B2B2C SaaS platform across the SDLC with deep expertise in application security, AI-augmented workflows, cloud-native security, and LLM-specific threat mitigation.

155k – 175k · United States · Security Engineering · Remote · 7+ YOE

About the role

Responsibilities

  • Lead security architecture reviews for new and existing applications, embedding secure-by-design principles from initial design through deployment and ongoing operation.
  • Develop, enforce, and refine secure coding standards across engineering teams using automated security scans (SAST, DAST, SCA), AI-assisted code review (Claude Code), manual code audits, and secure development training.
  • Own the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating signals from static analysis, dynamic testing, software composition analysis, and runtime telemetry to build risk-scoring models.
  • Continuously improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-powered features using AI tools (Claude Security) for accelerated threat model generation.
  • Develop custom security automation tools and scripts to improve detection and response capabilities, including AI-assisted vulnerability auto-fix workflows and integration of AI-powered security tooling into CI/CD pipelines.
  • Own and operate the company's bug bounty program end-to-end: define program strategy, triage and validate submissions, assess severity, and engage with the security research community.
  • Manage vulnerability triage and prioritization processes, ensuring assessments align with exploitability, business impact, and compliance requirements.
  • Influence product roadmaps by identifying and advocating for security enhancements aligned with regulatory requirements, industry best practices, and AI-integrated application threats.
  • Mentor security engineers and developers on secure coding, vulnerability remediation, and AI-augmented security workflows.
  • Present security findings, risk assessments, and program metrics to senior leadership, clients, auditors, and regulators.

Requirements

  • 7+ years of progressive experience in application security, software security engineering, or related domain within production SaaS environments.
  • Extensive hands-on experience in secure software development, DevSecOps pipeline design, and security testing methodologies (SAST, DAST, SCA, penetration testing).
  • Demonstrated experience securing large-scale cloud-native applications, APIs, and microservices architectures.
  • Experience leading application security initiatives, defining program strategy, and mentoring engineering teams.
  • Regular hands-on use of AI-powered security and development tools (Claude Code, Claude Security, or comparable) as part of daily workflows.
  • Experience assessing AI-specific attack surfaces in LLM-integrated applications (prompt injection, context leakage, insecure tool use, model denial-of-service).
  • Deep expertise in AWS security, Kubernetes security, and cloud-native application security best practices.
  • Strong programming proficiency to review and assess security risks in one or more of: Java, C#, JavaScript/TypeScript, Python, Swift, or Kotlin.
  • Expertise in secure authentication and authorization mechanisms (OAuth 2.0, OIDC, SAML, JWT, WebAuthn, Zero Trust).
  • Hands-on proficiency with AI-augmented security workflows for vulnerability discovery, remediation, threat modeling, and security automation.
  • Strong understanding of OWASP Top 10, OWASP Top 10 for LLM Applications, SANS 25, CVSS/EPSS scoring, and MITRE ATT&CK framework.
  • Ability to identify, assess, and mitigate prompt injection vulnerabilities in LLM-integrated applications.
  • Experience with secure context window management in AI-powered products.
  • Hands-on experience with security automation and scripting (Python, Bash, or equivalent).
  • Proficiency in penetration testing methodologies for web applications, APIs, and mobile platforms.
  • Strong knowledge of encryption standards, cryptographic best practices, and secrets management.
  • Bachelor's degree in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or related field, or equivalent combination of education and experience.
  • Ability to work independently in a remote setting with high performance and accountability.

Nice-to-Haves

  • Preferred certifications: CSSLP, OSCP, GWEB, or GWAPT.
  • Experience evaluating security posture of AI providers (API security reviews, data residency assessments, vendor risk questionnaires).
  • Familiarity with AI model access controls and secrets hygiene in AI pipelines.
  • Experience with SIEM, WAF, and security monitoring tools.
  • Familiarity with cloud security controls in AWS (IAM, security groups, KMS, Lambda security, cloud monitoring).
  • Strong project management abilities and experience collaborating across product, engineering, and compliance teams.

Skills

AWS, Kubernetes, Java, C#, JavaScript, TypeScript, Python, Swift, Kotlin, OAuth 2.0, OIDC, SAML, JWT, WebAuthn, SAST/DAST/SCA/Penetration Testing Tools

Sr. Security Software Engineer, Application Security

Build security tooling and enhancements to protect Pinterest's platform and users, focusing on secure development lifecycle, assessments, and AI threat mitigation. Requires 5+ years in application/product security and Python proficiency.

156k – 320k · Chicago, IL · Security Engineering · Remote · 5+ YOE · Python · AI Security

Senior Security Engineer, Detection and Response

Senior Security Engineer builds threat detections, leads incident response, and automates security operations in cloud/SaaS environments. Requires 5+ years experience with SIEM, SOAR, Python, AWS/GCP.

156k – 210k · United States · Security Engineering · Remote · 5+ YOE · AWS · GCP

Senior GRC Lead

Leads GRC initiatives by automating compliance workflows, building security tool integrations, and implementing controls for frameworks like SOC 2, PCI DSS, and ISO 27001 in cloud environments. Requires 5+ years experience, Python proficiency, and strong cross-functional collaboration.

154k – 192k · Seattle, WA · Security Engineering · Hybrid · 5+ YOE · AWS · GCP

Senior Security Engineer, Security Engineering & Operations

Design and build scalable cloud-native security data pipelines and detection systems. Collaborate on detection engineering and Kubernetes security controls while participating in on-call rotations.

153k – 270k · San Francisco, CA · Security Engineering · On-site · 5+ YOE · Go · GCP

Senior Product Security Engineer

Senior security engineer embedded in product development to build secure CI/CD pipelines, enforce supply chain controls, and harden Kubernetes workloads on GCP/AWS. Requires 5+ years experience, strong Go/Python skills, and deep Kubernetes and cloud security expertise.

157k – 184k · United States · Security Engineering · Remote · 5+ YOE · Go · GCP