Senior Staff Application Security Engineer

Posted 13 days ago

💎 Seniority level: Staff, 10+ years

📍 Location: United States

💸 Salary: 181000.0 - 266000.0 USD per year

🔍 Industry: Software Development

🏢 Company: Life360 | 👥 251-500 | 💰 $33,038,258 Post-IPO Equity over 2 years ago | 🫂 Last layoff about 2 years ago | Android, Family, Apps, Mobile Apps, Mobile

🗣️ Languages: English

⏳ Experience: 10+ years

🪄 Skills: AWS, Docker, Python, Software Development, Cloud Computing, Cybersecurity, Kubernetes, API testing, REST API, CI/CD, DevOps, Risk Management

Requirements:
  • 10+ years of hands-on experience in application security, securing cloud-based and containerized environments.
  • Strong understanding of cybersecurity threats, vulnerabilities, and mitigations, with a proactive approach to embedding security throughout the product lifecycle.
  • Deep expertise in secure design, threat modeling, offensive security, and risk reduction beyond compliance checklists.
  • Experience with modern application stacks, security tooling, and DevSecOps pipelines, with a passion for security automation and pragmatic defenses.
  • Working knowledge of one or more programming languages (preferably Python) and experience writing software that enhances security processes.
  • Exceptional ability to distill complex security concepts into clear actions, driving alignment across engineering teams without direct authority.
  • A collaborative mindset with a strong ability to build relationships, influence cross-functional teams, and lead high-impact security initiatives.
  • Creative and strategic thinker who can holistically reduce risk, scale security through smart design, and bring clarity to ambiguous challenges.
  • A track record of contributions to the security community (research, blogging, presentations, bug bounty) is a plus.
  • Strong bias for action, ownership, and delivering measurable improvements to security posture.
Responsibilities:
  • Drive “shift left” security initiatives, embedding security best practices seamlessly into the software development lifecycle to proactively identify and mitigate risks.
  • Assess third-party vendors and cloud service providers to ensure compliance with security and privacy standards.
  • Participate in the security on-call rotation to respond to and mitigate security incidents.
  • Document security-relevant architectural decisions and ensure security considerations are integrated into system designs.
  • Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed, confident decisions.
  • Perform technical security assessments and reviews; research, uncover, and reproduce vulnerabilities; design secure protocols and systems; and write tests to drive architecture changes.
  • Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
  • Partner closely with product and engineering teams to design solutions that are secure by default.
  • Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities. Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization.

Related Jobs

📍 Canada, United States, United Kingdom

🧭 Full-Time

💸 150000.0 - 210000.0 CAD per year

🔍 Application Security

🏢 Company: Ping Identity | 👥 1001-5000 | 💰 $35,000,000 Series F over 10 years ago | 🫂 Last layoff over 1 year ago | Government, Security, Identity Management, Software

  • 4+ years of proficiency in a mix of Enterprise Application Security, API Security, Web Application Security, and Mobile Application Security
  • 4+ years of developing commercial or open-source products (experience in Java or JavaScript preferred) or equivalent experience
  • Exceptional problem-solving skills, curiosity about the inner workings of systems and showing attention to details and documentation
  • Excellent written and oral communication skills
  • Own multiple Security Engineering assignments working with Ping Identity products, processes and tooling
  • Provide technical leadership and mentor other Product Security Engineers
  • Assist in proposing, developing and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
  • Work with the product teams to perform architectural, security design/code reviews, vulnerability assessment and management
  • Perform security tasks including (but not limited to) threat modeling, developer training, static code analysis, dynamic runtime fuzzing, building custom tools and automation, and exploit development.
  • Innovate in all aspects of automation of SSDLC tasks including use of Generative AI
  • Assist the presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
  • Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product

AWS, Software Development, Cybersecurity, Java, JavaScript, LDAP, OAuth, CI/CD, RESTful APIs, Linux, DevOps

Posted about 2 months ago