Lead Application Security Engineer

Adaptive Security - New York, NY

About The Position

Adaptive Security is the fastest-growing company in AI cybersecurity. We started by protecting organizations from AI-powered social engineering - deepfake phone calls, spear phishing, SMS-based threats - and we're now expanding into email security and browser security. Our customers integrate us deeply into their Google Workspace, Microsoft 365, and email infrastructure, and that attack surface is growing fast. We're a security company, and our own security posture has to be best in class. We're looking for an Application Security Engineer to own application security across Adaptive. You need to be a strong enough engineer to work inside our codebase (Java + Spring Boot services, TypeScript + React frontend, and Terraform for managing AWS infrastructure) and a strong enough security practitioner to find what others miss. We want someone who finds the vulnerability, opens the PR to fix it, and builds the systems that prevent the next one.

Requirements

  • 5+ years of experience in application security, with demonstrated ability to find and exploit vulnerabilities in web applications and APIs (OWASP Top 10 and beyond).
  • Strong software engineering skills. You can read, write, and ship production code in Java, TypeScript, or similar languages.
  • Experience with cloud infrastructure security on AWS (IAM, VPC, ECS, S3, RDS, or equivalent services on other providers).
  • Hands-on experience with security tooling in CI/CD pipelines - SAST, DAST, SCA, container scanning, or similar.
  • Familiarity with compliance frameworks relevant to enterprise SaaS (SOC 2, HIPAA, GDPR) and the ability to translate compliance requirements into engineering work.
  • High autonomy. You're building this function from scratch and are expected to set priorities and drive them.

Responsibilities

  • Own Adaptive's application security posture end-to-end. Define security standards for our products, infrastructure, and development process and make sure they're followed.
  • Conduct security reviews and threat modeling for new features, integrations, and architecture changes. Our attack surface is growing as we add deeper customer integrations and expand internationally.
  • Build security into CI/CD. Automate static analysis, dependency scanning, secrets detection, and container security so vulnerabilities are caught before they ship.
  • Perform penetration testing against our own applications and infrastructure. Find the bugs before external researchers or attackers do.
  • Drive vulnerability management across our application and infrastructure stack. Triage findings from automated tooling and pen tests, prioritize by risk, and push remediation to closure with engineering.
  • Lead the security incident response process for application-layer events. When something happens, you lead the investigation and remediation.
  • Manage our approach to external security testing - bug bounty programs, third-party pen tests, and customer security assessments.
  • Own AWS security across our entire cloud architecture — IAM hardening, misconfiguration detection, and building the controls that keep our posture clean as the environment grows.