Sr. Staff Back-End AppSec Engineer

About The Position

Requirements

• 7+ years in application security or product security with a strong software development background.
• Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential.
• Experience delivering customer-facing or consulting-style engagements end-to-end, comfortable in a distributed remote organization.
• Expert-level Python backend stack; Django, Flask, FastAPI
• Expert-level Node.js / TypeScript; Express, NestJS.
• Working knowledge of front-end framework (React, Next.js, or Angular) and can follow how auth, CSRF, and data move between the client and the API.
• Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals).
• Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings produced by automated and agentic analysis pipelines.
• Working knowledge of Python and JS packaging and dependency-resolution behaviors (pip/Poetry/uv; npm/pnpm/yarn) and the supply-chain failure modes specific to each.
• Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement.
• Experience with AI accelerated development / code scanning methodologies.

Responsibilities

• Lead Wayfinder Frontier AI Services customer engagements end-to-end, scope the work, deliver the technical findings, and present results to executive and technical stakeholders.
• Review and triage findings from our agentic code scanning pipeline against customer Python and JS codebases. Validate true positives, eliminate noise, and ensure every finding that reaches the customer is a decision they can act on.
• Conduct deep code review across Python and Node.js code and common frameworks.
• Present findings to stake holders, translate technical risk into business impact and map exposures into end-to-end exploitation chains.
• Author and maintain SAST rule packs that scale across the customer base, and partner with our AI/ML engineers to improve our agentic scanning engine.
• Provide expert remediation guidance to customer development teams and validate fixes through follow-up review.
• Work closely with our engineering teams to enhance our agentic code scanning pipeline, and reduce false positives.
• Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape the service line's methodology, engagement playbooks, and scoping templates.

Benefits

• Equity & Rewards
• Restricted Stock Units (RSUs)
• Employee Stock Purchase Plan (ESPP)
• Time Off & Wellbeing
• Flexible time off
• Paid company holidays and paid sick time
• Gender-neutral parental leave
• Grandparent leave
• Insurance & Financial Security
• Medical, dental, and vision coverage
• 401(k) retirement plan with company match
• Life and disability insurance
• Health and dependent care FSA
• Voluntary benefits (hospital, accident, critical illness)
• Employee Assistance Program (EAP)
• ARAG pre-paid legal
• Nationwide pet insurance
• Cancer Care program
• Global business travel medical insurance
• Work Perks & Flexibility
• Home office allowance
• Mobile phone reimbursement
• Wellness & Lifestyle
• Wellness coach
• Wellness/gym reimbursement
• Fertility coverage
• Adoption & surrogacy reimbursement