Senior AppSec Engineer

PrizePicksAtlanta, GA
10dRemote
Match Resume

About The Position

At PrizePicks, we are the fastest-growing sports company in North America, as recognized by Inc. 5000. As the leading platform for Daily Fantasy Sports, we cover a diverse range of sports leagues, including the NFL, NBA, and Esports titles like League of Legends and Counter-Strike. Our team of over 550 employees thrives in an inclusive culture that values individuals from diverse backgrounds, regardless of their level of sports fandom. Ready to reimagine the DFS industry together? What you’ll do: Own the Pipeline: Support and optimize application security tooling (SAST, SCA, Secrets Detection) within our CI/CD pipelines to provide accurate, actionable, and prioritized alerts to devs. Be a Security Champion: Act as the primary security partner for Engineering and Product teams, ensuring security is baked in from the design phase through deployment. Threat Modeling: Lead collaborative threat modeling exercises to identify architectural risks before code is even written. Partner with penetration testing teams to translate these threats into targeted testing scenarios for high-risk functions. Code-Level Remediation: Don’t just tell devs what is wrong—show them how to fix it by performing deep-dive code reviews and providing actionable remediation guidance. Secrets Management: Help lead the charge in identifying and removing hard-coded secrets, moving the org toward more secure, automated secret management practices. Bug Bounty & Research: Help manage our bug bounty program by triaging submissions, working with researchers, and validating fixes with our engineers. Secure AI Integration: Serve as the security consultant for AI/ML initiatives. Partner with engineering to design secure "LLM-backed" features, focusing on prompt injection prevention, data privacy/sanitization, and secure integration of third-party AI APIs. Incident Response: Support the team during application-related security incidents, bringing your deep knowledge of code and logic to the table. Feature Validation: Perform security assessments on new features to help identify logic flaws that automated scanners might miss. Partner with our penetration testing team on high-risk releases to exchange knowledge and continuously sharpen your offensive security skillset. Strategic Communication: Translate technical vulnerabilities into business risk. You’ll be responsible for documenting and presenting findings in a way that is actionable for engineers and understandable for leadership.

Requirements

  • 3+ years of experience in software development, mobile development, or application security. You are comfortable reading unfamiliar code and can speak Developer fluently.
  • CI/CD Pipeline Expertise: Hands-on experience integrating security tools (SAST, DAST, SCA, Secrets Detection) into automated workflows (e.g., GitHub Actions, GitLab CI, Jenkins). You know how to tune these tools to prevent alert fatigue.
  • Deep knowledge of the OWASP Web Security Testing Guide (WSTG) and/or Mobile Application Security Testing Guide (MASTG) and the ability to think like a threat actor.
  • Experience conducting Threat Modeling to catch flaws before they are built.
  • Familiarity with the OWASP Top 10 for LLMs. You understand the unique risks of integrating AI into a production stack and can advise on how to build guardrails around model inputs and outputs.
  • Experience supporting an Incident Response (IR) process, specifically providing the AppSec perspective to help scope an exploit and verify if a patch truly mitigates it.
  • A deep understanding of how web applications work. You know your way around HTTP headers, JWTs, CORS, and auth flows, and you can validate them manually when the scanners fail.
  • Proven ability to define risks in both technical and business terms.
  • 3+ years of professional experience in Software Development or Application Security .
  • AppSec Tooling: Proven proficiency in deploying and tuning SAST, DAST, and SCA (e.g., Snyk, CodeQL, Dependabot, Mend, Wiz).
  • Threat Modeling: Experience performing architectural threat models on products and services.
  • CI/CD Automation: Strong experience building and maintaining security workflows in GitHub Actions .
  • Cloud Native: Working knowledge of Kubernetes and containerized compute services.
  • Security Testing: Comfortable using Burp Suite or Postman to manually validate logic flaws.

Responsibilities

  • Own the Pipeline: Support and optimize application security tooling (SAST, SCA, Secrets Detection) within our CI/CD pipelines to provide accurate, actionable, and prioritized alerts to devs.
  • Be a Security Champion: Act as the primary security partner for Engineering and Product teams, ensuring security is baked in from the design phase through deployment.
  • Threat Modeling: Lead collaborative threat modeling exercises to identify architectural risks before code is even written. Partner with penetration testing teams to translate these threats into targeted testing scenarios for high-risk functions.
  • Code-Level Remediation: Don’t just tell devs what is wrong—show them how to fix it by performing deep-dive code reviews and providing actionable remediation guidance.
  • Secrets Management: Help lead the charge in identifying and removing hard-coded secrets, moving the org toward more secure, automated secret management practices.
  • Bug Bounty & Research: Help manage our bug bounty program by triaging submissions, working with researchers, and validating fixes with our engineers.
  • Secure AI Integration: Serve as the security consultant for AI/ML initiatives. Partner with engineering to design secure "LLM-backed" features, focusing on prompt injection prevention, data privacy/sanitization, and secure integration of third-party AI APIs.
  • Incident Response: Support the team during application-related security incidents, bringing your deep knowledge of code and logic to the table.
  • Feature Validation: Perform security assessments on new features to help identify logic flaws that automated scanners might miss. Partner with our penetration testing team on high-risk releases to exchange knowledge and continuously sharpen your offensive security skillset.
  • Strategic Communication: Translate technical vulnerabilities into business risk. You’ll be responsible for documenting and presenting findings in a way that is actionable for engineers and understandable for leadership.

Benefits

  • Company-subsidized medical, dental, & vision plans
  • 401(k) plan with company match
  • Annual bonus
  • Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
  • Generous paid leave programs, including 16-week paid parental leave and disability benefits
  • Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
  • Company-wide in-person events and team outings
  • Lifestyle enhancement program
  • Company equipment provided (Windows & Mac options)
  • Annual performance reviews with opportunities for growth and career development

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Job Search Resources

Similar Senior AppSec Engineer job opportunities

Senior AppSec Engineer
PrizePicks
PrizePicks • Atlanta, GA11d • $130,000 - $180,000 • Remote
AppSec Sales Engineer
Harness
Harness • San Francisco, CA11d • $220,000 - $290,000 • Remote
AppSec Sales Engineer
Harness
Harness • San Francisco, CA12d • Remote
Security Engineer- Cloud & AppSec
Baker Donelson
Baker Donelson • The Connective, TN13d • $120,000 - $150,000 • Remote
Security Engineer- Cloud & AppSec
Baker Donelson
Baker Donelson • Memphis, TN13d • Remote
🔥 New JobTechnical Marketing Manager (AppSec, AI/ML, R&E)
Trail of Bits
Trail of Bits8h • $130,000 - $160,000 • Remote
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service