
Senior Application Security Engineer
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Lead reviews of security architecture for both new and existing applications, ensuring that secure-by-design principles are incorporated from the initial design phase through deployment and ongoing operations.
• Create, enforce, and continually enhance secure coding standards across engineering teams by utilizing automated security scans (SAST, DAST, SCA), AI-assisted code reviews with tools like Claude Code, regular manual code audits, and focused secure development training.
• Take ownership of the design, implementation, and evolution of Application Security Posture Management (ASPM) capabilities, integrating insights from static analysis, dynamic testing, software composition analysis, and runtime telemetry to develop risk-scoring models that consider exploitability, data sensitivity, and business impact.
• Persistently improve threat modeling frameworks across application components, third-party integrations, cloud-native architectures, and AI/LLM-driven features, using tools such as Claude Security for accelerated threat model generation and scenario analysis.
• Create custom security automation tools and scripts to enhance detection and response capabilities within cloud environments, including AI-assisted vulnerability auto-fix workflows and the integration of AI-driven security tools into CI/CD pipelines.
• Manage and operate the company’s bug bounty program from start to finish: define program strategy and scope, triage and validate submissions from external researchers, evaluate severity, and maintain productive engagement with the security research community.
• Oversee the processes for vulnerability triage and prioritization, ensuring vulnerabilities are evaluated based on exploitability, business impact, and compliance needs, while ensuring remediation timelines are in line with the organization's risk tolerance.
• Bachelor’s degree in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or a related field, or an equivalent combination of education and experience.
• Preferred certifications include CSSLP, OSCP, GWEB, or GWAPT.
• A minimum of seven (7+) years of progressive experience in application security, software security engineering, or a closely related field within production SaaS environments.
• Extensive hands-on experience in secure software development, DevSecOps pipeline design, and security testing methodologies (SAST, DAST, SCA, penetration testing).
• Proven experience in securing large-scale cloud-native applications, APIs, and microservices architectures.
• Experience in leading application security initiatives, defining program strategies, and mentoring engineering teams on secure development practices.
• Regular hands-on experience with AI-powered security and development tools (e.g., Claude Code, Claude Security, or similar coding/security assistants) as part of daily security engineering tasks, rather than solely in evaluative, advisory, or training roles.
• Experience in evaluating AI-specific attack surfaces in LLM-integrated applications, including prompt injection, context leakage, insecure tool use, and model denial-of-service.
• Medical, dental, and vision insurance
• A 401(k) with company match
• Flexible PTO plus 12 paid holidays
• Paid sick leave
• Paid parental and family leave
• A lifestyle spending account
• Tuition reimbursement
• A cell phone stipend