
Senior Application Security Engineer
Posted 1 day ago

What you'll do

• Own end-to-end security reviews across smart contracts (Solidity), backend services (Go, TypeScript, Python), and frontend code, producing written findings of the quality a leading external audit firm would publish; these reports will be published and used as the internal benchmark.
• Build and run an autonomous security CI/CD pipeline: an agent-driven review system that runs independently against every PR and release candidate, reasons about the changed code in context, and improves with each deployment.
• Create and maintain specialized AI-powered code reviewers, each tuned to a particular vulnerability class or attack surface, that are Solidity-aware, protocol-aware, and calibrated to the real patterns seen in Polygon's products.
• Run the bug bounty program: triage incoming submissions daily, reproduce valid findings, separate real issues from noise, assign severity, and route confirmed issues to engineering with enough context for a correct fix, using custom AI workflows to keep triage rigorous at scale.
• See remediation through: evaluate proposed fixes, close out resolved findings, and push back when a fix addresses the symptom rather than the root cause.
• Work alongside engineering teams at every stage, from sprint planning and design reviews through feature freeze and post-launch, as a collaborative partner rather than a sign-off gate.
• Lead the team's AI security practice: build custom prompt chains, Claude Code workflows, and Codex integrations for specific security tasks, then demonstrate and share them to raise the capability of the whole team.
What we're looking for

• Full-stack security depth across multiple languages: the ability to drop into an unfamiliar codebase and deliver a meaningful review within a day, with emphasis on Solidity, Go, TypeScript, and Python.
• Smart contract security as a core skill: hands-on experience auditing or writing secure Solidity, with a solid understanding of EVM internals, common DeFi protocol patterns, and the history of smart contract exploits.
• Real depth in AI workflows, not just tool usage: experience building custom prompt chains, CI integrations, and task-specific plugins (with tools such as Claude Code and Codex) for security work, and the judgment to say where AI helps and where human review remains irreplaceable.
• Experience making security decisions under real-time pressure in a Web3 environment, where speed and thoroughness have to coexist.
• A public record of your security work: audit reports, bug bounty write-ups, research posts, or open-source tools that show the standard you hold yourself to.
• Experience running or contributing to a structured bug bounty program (triage, researcher communication, severity calibration).
• Direct exposure to payment protocols, stablecoin infrastructure, or regulated fintech environments.
• A track record of building security tooling that other engineers actually adopt, not just internal scripts.
Benefits

• Remote-first global workforce.
• Industry-leading medical, dental, and vision health insurance*.
• 401(k) with a 3% company match*.
• $1,500 home office set-up allowance (lifetime maximum).
• $200 annual AI allowance program.
• $75 monthly internet or phone reimbursement.
• Flexible time off.
• Company-issued laptop.
• Egg freezing, mental health, and employee wellness benefits.
