Senior Application Security Engineer

Nordstrom, Seattle, WA
$141,000 - $258,500

About The Position

Nordstrom is building a new Application Security team, built on a simple idea: teams shouldn’t have to choose between moving fast and shipping securely. As one of the first hires, you’ll build the tooling and secure defaults that protect our web, mobile, and API ecosystem, do the deep work tooling can’t, and help shape how we build with AI. You’ll report to the Senior Manager of Application Security and partner closely with product engineering and DevOps, alongside our security peers in pentest, attack surface management, and platform.

Requirements

  • 4+ years in application security, secure software development, or a closely related field, with a bachelor’s or master’s in Computer Science, Information Security, Cybersecurity, or a related field, or equivalent experience
  • A track record shipping security tooling, automation, or reusable patterns, not just operating off-the-shelf tools
  • Expert-level threat modeling, security design review, and manual code review, with deep knowledge of application and API vulnerability classes and how to design them out
  • Fluent enough to read and write code in languages like Java, Kotlin, C#, or Python
  • Hands-on fluency using AI to accelerate real security work, with judgment about where to trust it and where to verify
  • Working knowledge of how LLM and agent features fail, including prompt injection, unsafe tool and permission use, and data leakage through model outputs
  • Cloud-native, container, and serverless security (AWS, GCP, Azure, Kubernetes)

Nice To Haves

  • Hands-on with GitHub Advanced Security and JFrog Artifactory, or similar
  • Offensive security experience
  • Vulnerability disclosure or bug bounty program experience
  • Production software engineering background
  • Certifications such as CSSLP, CISSP, OSWA, OSWE, GWAPT, or GMOB

Responsibilities

  • Build secure-by-default patterns and paved-road tooling so teams get security built into the pipelines and frameworks they already use
  • Own the AppSec tooling stack (SAST, SCA, secrets scanning, DAST), tune it for signal over noise, and route findings into where engineers already work
  • Automate the security work that doesn’t need human judgment, and save manual review for the work that does
  • Partner with our security teams, mentor engineers and champions, and raise the application security bar across the org

Benefits

  • Medical/Vision
  • Dental
  • Retirement
  • Paid Time Away
  • Life Insurance
  • Disability
  • Merchandise Discount
  • EAP Resources
  • 401k
  • Performance-based incentives/bonuses