Sr. Staff Back-End AppSec Lead

About The Position

Requirements

• 7+ years in application security or product security with a strong software development background.
• Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential.
• Experience delivering customer-facing or consulting-style engagements end-to-end, comfortable in a distributed remote organization.
• Expert-level Java / Spring, you've identified and explained vulnerabilities at the framework level, not just the application level.
• Expert-level .NET Framework and ASP.NET Core, vulnerabilities and secure coding methodologies.
• Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals).
• Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings produced by automated and agentic analysis pipelines.
• Strong threat modeling experience throughout the secure SDLC.
• Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement.
• Experience with AI accelerated development / code scanning methodologies.

Responsibilities

• Lead Wayfinder Frontier AI Services customer engagements end-to-end, scope the work, deliver the technical findings, and present results to executive and technical stakeholders.
• Review and triage findings from our agentic code scanning pipeline against customer Java and .NET codebases. Validate true positives, eliminate noise, and ensure every finding that reaches the customer is a decision they can act on.
• Conduct deep code review across Java and .Net code and common frameworks.
• Present findings to stake holders, translate technical risk into business impact and map exposures into end-to-end exploitation chains.
• Author and maintain SAST rule packs that scale across the customer base, and partner with our AI/ML engineers to improve our agentic scanning engine.
• Provide expert remediation guidance to customer development teams and validate fixes through follow-up review.
• Work closely with our engineering teams to enhance our agentic code scanning pipeline, and reduce false positives.
• Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape the service line's methodology, engagement playbooks, and scoping templates.

Benefits

• Restricted Stock Units (RSUs)
• Employee Stock Purchase Plan (ESPP)
• Flexible time off
• Paid company holidays and paid sick time
• Gender-neutral parental leave
• Grandparent leave
• Medical, dental, and vision coverage
• 401(k) retirement plan with company match
• Life and disability insurance
• Health and dependent care FSA
• Voluntary benefits (hospital, accident, critical illness)
• Employee Assistance Program (EAP)
• ARAG pre-paid legal
• Nationwide pet insurance
• Cancer Care program
• Global business travel medical insurance
• Home office allowance
• Mobile phone reimbursement
• Wellness coach
• Wellness/gym reimbursement
• Fertility coverage
• Adoption & surrogacy reimbursement