Senior Application Security Engineer

What you'll do

• Design and execute greenfield AppSec initiatives from threat modeling to remediation
• Build and maintain security automation integrated into CI/CD pipelines
• Manage software supply chain risk
• Own container security across build and runtime
• Develop internal tooling and libraries to facilitate secure coding
• Own SAST/DAST/SCA tooling: selection, tuning, CI/CD integration, and triage
• Conduct application security reviews and threat models for new features and architecture
• Identify and remediate vulnerabilities across APIs, services, and data pipelines
• Partner with Engineering teams to establish secure coding standards and provide hands-on guidance
• Assess and mitigate LLM-introduced risks in product features
• Integrate agentic tooling into AppSec workflows to reduce toil
• Contribute to security incident response for application-layer issues

Requirements

• Production Python experience with engineering depth to review code and build security tooling
• Hands-on application security experience, ideally at a SaaS company
• Knowledge of OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS standards
• Threat modeling experience with Product and Engineering teams
• Experience building security tooling or automation (scripts, pipelines, libraries)
• Familiarity with AWS and Kubernetes security controls related to application-layer risks
• Working knowledge of LLM attack surfaces and mitigation
• Experience reviewing API designs for auth anti-patterns, token mismanagement, injection risks, sensitive data exposure
• Experience embedding with Engineering teams for code review, design consultation, standards definition
• Experience building or maturing an AppSec program from scratch

Tech stack

Benefits