Application Security Engineer

About the position

LAIKA is seeking a Sr Application Security Engineer (AppSec) to join our Information Security team and play a vital role in protecting the creative and technical backbone of our studio. From the animation stages to the cloud, you'll be designing and implementing robust security strategies that keep our content-and the technology that empowers it-safe, secure, and resilient. In this role, you'll partner with software engineers, site reliability engineers (SREs), and technology leaders to conduct in-depth assessments, penetration tests, and vulnerability analyses across a wide range of environments. Your work will directly support the protection of LAIKA's proprietary tools and workflows, ensuring our stories reach the world untarnished.

Responsibilities

• Conduct security assessments and code audits to identify and mitigate vulnerabilities.
• Perform penetration testing across web applications, plugins, SaaS platforms, IoT devices, and networks.
• Analyze and test source code for security flaws and recommend mitigation strategies.
• Implement and manage application security testing tools, including SAST, DAST, and IAST (static, dynamic, and interactive analysis).
• Develop solutions to drive remediation of security issues through product security tests, bug bounty programs, and vulnerability disclosure programs.
• Work alongside developers, technology leaders, and external partners to address security risks.
• Collaborate with internal teams to design and implement security best practices across the development lifecycle.
• Support security initiatives related to DevOps, SRE, and cloud security architectures.
• Research, evaluate, and recommend new security tools and methodologies to improve testing capabilities.
• Apply API security best practices and work with public cloud platforms (AWS, Azure, GCP).
• Utilize red teaming and vulnerability assessment tools (Metasploit, Kali, Nessus, Cobalt Strike, Acunetix).
• Manage knowledge repositories and CI/CD pipelines using GitHub, GitLab, Jenkins, Perforce, Jira, and Confluence.
• Stay ahead of emerging cybersecurity threats and continuously improve security testing methodologies.
• Develop comprehensive security reports and presentations for technical and executive audiences.

Requirements

• 5+ years of experience in cybersecurity OR 7+ years in software engineering with a focus on security.
• Strong understanding of web application security, cloud security, and API security best practices.
• Hands-on experience with application penetration testing (required).
• Experience working in cross-functional teams, collaborating with engineers, SREs, and leadership.
• Proficiency in application development and scripting (Python preferred; Perl, Go, or Ruby a plus).
• Familiarity with public cloud security architectures (AWS, Azure, GCP).
• Expertise with security testing tools, including SAST, DAST, IAST, and vulnerability assessment platforms.
• Experience with CI/CD security best practices and DevSecOps methodologies.

Nice-to-haves

• OSCP, GPEN, or GWAPT certifications or equivalent experience.

Benefits

• Salary is commensurate with skills and experience.