Senior AppSec Engineer

PrizePicks
Atlanta, GA
Remote

About The Position

At PrizePicks, we are the fastest-growing sports company in North America, as recognized by Inc. 5000. As the leading platform for Daily Fantasy Sports, we cover a diverse range of sports leagues, including the NFL, NBA, and Esports titles like League of Legends and Counter-Strike. Our team of over 550 employees thrives in an inclusive culture that values individuals from diverse backgrounds, regardless of their level of sports fandom. Ready to reimagine the DFS industry together?

Requirements

  • 3+ years of experience in software development, mobile development, or application security.
  • Comfortable reading unfamiliar code and can speak Developer fluently.
  • Hands-on experience integrating security tools (SAST, DAST, SCA, Secrets Detection) into automated workflows (e.g., GitHub Actions, GitLab CI, Jenkins).
  • Ability to tune security tools to prevent alert fatigue.
  • Deep knowledge of the OWASP Web Security Testing Guide (WSTG) and/or Mobile Application Security Testing Guide (MASTG) and the ability to think like a threat actor.
  • Experience conducting Threat Modeling to catch flaws before they are built.
  • Familiarity with the OWASP Top 10 for LLMs. Understand the unique risks of integrating AI into a production stack and can advise on how to build guardrails around model inputs and outputs.
  • Experience supporting an Incident Response (IR) process, specifically providing the AppSec perspective to help scope an exploit and verify if a patch truly mitigates it.
  • Deep understanding of how web applications work. Knowledge of HTTP headers, JWTs, CORS, and auth flows, and ability to validate them manually when scanners fail.
  • Proven ability to define risks in both technical and business terms.
  • 3+ years of professional experience in Software Development or Application Security.
  • Proven proficiency in deploying and tuning SAST, DAST, and SCA (e.g., Snyk, CodeQL, Dependabot, Mend, Wiz).
  • Experience performing architectural threat models on products and services.
  • Strong experience building and maintaining security workflows in GitHub Actions.
  • Working knowledge of Kubernetes and containerized compute services.
  • Comfortable using Burp Suite or Postman to manually validate logic flaws.
  • Must be authorized to work for any employer in the U.S. Unable to sponsor or take over sponsorship of an employment Visa at this time.

Responsibilities

  • Support and optimize application security tooling (SAST, SCA, Secrets Detection) within our CI/CD pipelines to provide accurate, actionable, and prioritized alerts to devs.
  • Act as the primary security partner for Engineering and Product teams, ensuring security is baked in from the design phase through deployment.
  • Lead collaborative threat modeling exercises to identify architectural risks before code is even written. Partner with penetration testing teams to translate these threats into targeted testing scenarios for high-risk functions.
  • Perform deep-dive code reviews and provide actionable remediation guidance.
  • Help lead the charge in identifying and removing hard-coded secrets, moving the org toward more secure, automated secret management practices.
  • Help manage our bug bounty program by triaging submissions, working with researchers, and validating fixes with our engineers.
  • Serve as the security consultant for AI/ML initiatives. Partner with engineering to design secure "LLM-backed" features, focusing on prompt injection prevention, data privacy/sanitization, and secure integration of third-party AI APIs.
  • Support the team during application-related security incidents, bringing deep knowledge of code and logic.
  • Perform security assessments on new features to help identify logic flaws that automated scanners might miss. Partner with our penetration testing team on high-risk releases to exchange knowledge and continuously sharpen offensive security skillset.
  • Translate technical vulnerabilities into business risk. Document and present findings in a way that is actionable for engineers and understandable for leadership.

Benefits

  • Company-subsidized medical, dental, & vision plans
  • 401(k) plan with company match
  • Annual bonus
  • Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
  • Generous paid leave programs, including 16-week paid parental leave and disability benefits
  • Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
  • Company-wide in-person events and team outings
  • Lifestyle enhancement program
  • Company equipment provided (Windows & Mac options)
  • Annual performance reviews with opportunities for growth and career development