Senior Application Security Engineer

What you'll do

• Design and execute greenfield AppSec initiatives across SaaS platform from threat modeling to remediation
• Build and maintain security automation integrated into CI/CD pipelines and manage software supply chain risk
• Own container security across build and runtime
• Develop internal tooling and libraries to facilitate secure coding for application engineers
• Own SAST/DAST/SCA tooling: selection, tuning, CI/CD integration, and triage
• Conduct application security reviews and threat models for new features and architectural changes
• Identify and remediate vulnerabilities across APIs, services, and data pipelines
• Partner with Engineering teams to establish secure coding standards and provide hands-on guidance
• Assess and mitigate LLM-introduced risks in product features
• Integrate agentic tooling into AppSec workflows to reduce toil
• Contribute to security incident response when application-layer issues are involved

Requirements

• Production Python experience with engineering depth to review code and build security tooling
• Hands-on application security experience, ideally at a SaaS company
• Knowledge of security standards such as OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS
• Threat modeling experience with Product and Engineering teams
• Experience building security tooling or automation (scripts, pipelines, libraries)
• Familiarity with AWS and Kubernetes security controls related to application-layer risks
• Working knowledge of LLM attack surfaces and mitigation
• Experience reviewing API designs for auth anti-patterns, token mismanagement, injection risks, and sensitive data exposure
• Experience embedding with Engineering teams for code review, design consultation, and standards definition
• Experience building or maturing an AppSec program from scratch

Tech stack

Benefits