Application Security Engineer

Role overview Webflow is hiring a Senior Application Security Engineer. This remote role is open to candidates in California (BC & ON only) and across the U.S. What you will do Work closely with teams across the company to spot, evaluate, and address security risks in Webflow’s applications. Develop and apply security best practices to strengthen application defenses. Help shape and advance Webflow’s overall security strategy.

At ClickUp, we’re not just developing software; we’re pioneering the future of work! In an era inundated with work distractions, we envisioned a better approach. This vision led to the creation of the first genuinely unified AI workspace, seamlessly integrating tasks, documents, chat, calendar, and enterprise search, all enhanced by context-driven AI. This empowers millions of teams to break free from silos, reclaim their time, and achieve unprecedented productivity levels. At ClickUp, you will have the chance to learn, utilize, and innovate with AI in ways that will not only shape our product but also the future of work itself. Join us and be part of a daring, innovative team that is redefining possibilities! ClickUp is a leading force across every G2 category we participate in and is poised for exponential growth! Our application is uniquely designed to cater to everyone from families to Fortune 500 enterprises.We are in search of a Senior Security Engineer specializing in Application Security for a newly established, engineering-centric security team. Our team collaborates with and integrates into existing engineering teams at ClickUp. We are dedicated to developing and disseminating technology that includes defensive security features, secure infrastructure, operational tools, security response capabilities, and comprehensive security guidelines.Your mission will be to cultivate a culture of security empowerment, enabling our product engineers to develop and launch secure offerings using Angular, Node.js, and PostgreSQL, all hosted on AWS.As a strategic partner, you will collaborate closely with various engineering teams to design, develop, and guide secure solutions. We are experiencing rapid growth and seek Security Engineers who are eager to embrace this challenge!The Role:Design and implement security features that safeguard the entire ClickUp platform.Conduct threat modeling, implementation reviews, and security testing; evaluate requirements and designs.Create tools to assist at all stages of security prevention, detection, and response across the full Software Development Life Cycle (SDLC) from code to deployment.Integrate with existing engineering and product teams, serving as a 'security player-coach'.Develop security automation for the ClickUp platform; design and establish secure-by-default infrastructure.

About Branch Branch helps workers gain financial independence by making it easier for companies to pay them quickly and by offering accessible, no-cost financial services. The team is committed to building inclusive and transparent products that improve the financial lives of working Americans. Ideas and initiative matter here. Employees are encouraged to share their thoughts, those ideas can shape products, culture, and the company’s direction. Branch values diverse perspectives and working styles, aiming to create an environment where everyone can thrive. Role Overview: Senior Application Security Engineer (Remote, US) Branch is hiring a Senior Application Security Engineer to help protect applications, networks, cloud infrastructure, and corporate devices. This role calls for broad security expertise and hands-on experience across multiple domains. The engineer will work closely with teams to build secure systems and processes that support Branch’s mission. What You Will Do Collaborate with Engineering to embed security into the Software Development Life Cycle (SDLC): implement secure design patterns, lead threat modeling, and deliver AppSec training for developers. Plan and conduct application security assessments, including static and dynamic analysis (SAST, DAST), software composition analysis (SCA), and manual code reviews for web, mobile, and API platforms. Strengthen API security for both internal and external services by improving authentication, authorization, rate limiting, and abuse prevention. Manage and improve the vulnerability management program: set prioritization frameworks, track SLAs, and coordinate remediation across teams. Champion software supply chain security, including generating SBOMs, analyzing dependency risks, and reviewing third-party components. Support Governance, Risk, and Compliance (GRC) with technical evaluations of third-party risks and vendor security assessments. Lead incident response efforts from initial detection through resolution and post-incident review. Develop and maintain security policies and procedures, ensuring alignment with industry standards and best practices. Location This position is remote within the United States.

Why join usAt Brex, we are revolutionizing the way businesses manage their finances through our AI-powered spend platform. We empower organizations, ranging from startups to large enterprises, with integrated corporate cards, banking solutions, and global payment options, complemented by user-friendly software for travel and expenses. Our clientele includes industry leaders like DoorDash, Flexport, and Compass, all of whom benefit from our commitment to proactive spend control, cost reduction, and efficiency improvements worldwide.Joining our team means pushing your boundaries, questioning conventional wisdom, and collaborating with some of the brightest talents in the field. We are dedicated to cultivating a diverse workforce and fostering an inclusive culture where your potential is limited only by your imagination. We provide you with the necessary tools, resources, and support to elevate your career to new heights.Engineering at BrexAt Brex, engineering is about developing scalable systems with purpose and speed. Our diverse teams across Software, Data, Security, and IT function with high autonomy and deep collaboration. We tackle complex technical challenges, take full ownership of our results, and strive for excellence at every stage—from architecture to deployment. Here, engineering is considered a craft, and those who build can become leaders.What you’ll doAs a Senior Application Security Engineer, your primary responsibility will be identifying and responding to security vulnerabilities across the Brex platform. You will conduct code and design reviews, perform penetration testing, and manage vulnerability assessments. Additionally, you will create and maintain tools for static and dynamic testing of our platform while ensuring secure developer workflows. This role is part of our broader Financial Scale organization, requiring close collaboration with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams.We seek candidates who possess a robust background in penetration testing and a proven track record in discovering vulnerabilities within intricate systems, alongside the ability to craft exploits that highlight business impact. This position is highly collaborative, providing the opportunity to work across all engineering teams at Brex. We value enthusiasm for engaging with diverse roles and backgrounds, as building a top-tier financial service necessitates top-tier security.Brex is at the forefront of the next generation of AI-driven financial services for dynamic, impactful companies, including Coinbase, Robinhood, and Anthropic. As we embark on integrating AI throughout our product suite, you will have the chance to influence and shape our initiatives significantly.

Join Canary Technologies as a Senior Application Security Engineer and play a pivotal role in embedding security within our software development lifecycle. You will collaborate closely with development teams to ensure secure design becomes the standard practice. This position involves taking ownership of application security tooling and automation while working alongside Site Reliability Engineers (SREs), infrastructure, and data engineers to maintain a secure, scalable platform. Our engineering team operates fully remotely, allowing for flexibility and innovation in a fast-paced environment.

Why Join Brex?Brex is an innovative AI-driven spend management platform designed to empower businesses to manage expenses with confidence. We provide integrated corporate cards, banking solutions, and global payment options, alongside intuitive software for travel and expense management. From startups to large enterprises, clients like DoorDash, Flexport, and Compass leverage Brex to optimize spending, lower costs, and enhance efficiency worldwide.Joining Brex means embracing challenges, pushing boundaries, and collaborating with industry leaders. We are dedicated to fostering a diverse and inclusive culture where your potential is only limited by your aspirations. We equip you with the necessary tools, resources, and support to advance your career.Engineering at BrexOur engineering culture focuses on building scalable systems with intention and speed. Our teams, spanning Software, Data, Security, and IT, work with high autonomy and deep collaboration. We confront challenging technical problems, take ownership of outcomes, and strive for excellence across all levels—from architecture to deployment. Here, engineering is regarded as a craft, and builders evolve into leaders.Your RoleAs a Senior Application Security Engineer, you will be pivotal in identifying and addressing security vulnerabilities within the Brex platform. Your responsibilities will include conducting code and design reviews, penetration testing, and managing vulnerabilities. You will also develop and maintain tools for static and dynamic testing of the platform, ensuring secure developer workflows. You will collaborate closely with teams across Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background in penetration testing and a proven track record of uncovering vulnerabilities in complex systems. Your ability to craft exploits that highlight business risk will be essential. This role demands a collaborative spirit, as you will engage with various engineering teams throughout Brex. Your enthusiasm for diverse perspectives and needs is crucial as we build world-class financial services with top-tier security.Brex is at the forefront of AI-driven financial services for dynamic companies such as Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will have the chance to significantly influence our approach.

At RegScale, we are redefining how organizations manage their security, risk, and compliance programs through our innovative continuous controls monitoring (CCM) platform. As we evolve from a startup to a robust enterprise-ready engineering organization, we are building a skilled team that will drive this transformation. In our mission to handle sensitive security and regulatory data for both enterprise and government clients, we prioritize security as a fundamental engineering principle embedded in our software development process. The Role We are seeking a highly autonomous and experienced Senior Application Security Engineer who excels in navigating complex engineering landscapes. As the lead application security expert at RegScale, you will identify security risks, develop comprehensive strategies to mitigate them, and drive initiatives from inception to measurable outcomes. You will operate independently without a dedicated team, influencing cross-functional engineering teams to enhance security practices. Your role will encompass collaboration with various engineering disciplines, including Core Engineering, Platform and AI, Compliance as Code, Quality Engineering, SRE, Infrastructure, and external security teams. Your success will be measured by your ability to foster security awareness among engineers and integrate security principles into the design, development, and deployment phases of our software. RegScale serves a diverse clientele, including enterprises and government agencies, adhering to regulatory frameworks such as FedRAMP, NIST, and CMMC. This position reports to the SRE and Infrastructure teams and requires not only deep technical security knowledge but also the influence and ownership mentality necessary to instill security as a shared value across engineering.

Join Arcadia as a Senior Security Engineer specializing in Application Security (AppSec). In this role, you will play a pivotal part in safeguarding our applications and infrastructure by implementing robust security measures and promoting security best practices throughout the development lifecycle. Your expertise will help identify vulnerabilities, devise effective remediation strategies, and enhance our overall security posture. Collaborate with cross-functional teams to ensure security is integrated into every phase of our software development processes.

Join Upside:At Upside, we are on a mission to revolutionize brick-and-mortar commerce. Our advanced technology combines the nuances of online retail—profit measurement, attribution, and incrementality—to enhance the value for users on their daily purchases while simultaneously attracting new, profitable customers to brick-and-mortar businesses. Millions of users have benefited from earning 2 to 3 times more cashback than any competing product, and hundreds of thousands of physical businesses have realized tangible profits through our platform. Each year, billions in commerce are processed through Upside, returning value directly to our retail partners, the consumers they serve, and vital sustainability efforts.Your Impact:In this role, you will report to the Director of Information Security, collaborating closely with technology stakeholders. Utilize your expertise in secure coding practices and payment systems to identify and address application vulnerabilities. As an individual contributor, you will bring innovation to our AppSec team, strengthen our security posture, and empower our engineering teams to code securely.Innovate with AI to deliver robust security solutions that mitigate application vulnerabilities.Conduct security code tests (SAST, SCA) and work with engineers to resolve unsafe code.Develop threat models and collaborate with technology teams to document and assess risks.Advise leadership on security architecture, design, and best practices in application security.Train and enhance the skills of engineers in safe coding and vulnerability management techniques.Assist with penetration testing initiatives and manage bug bounty programs.Support the administration of AWS Control Tower and IAM provisioning.Engage with the security community to stay informed about trends and advancements.Qualifications:A minimum of 6 years of experience in application or product security, including reviewing Python code.Proven experience in innovating and implementing solutions for vulnerability management.In-depth knowledge of AWS security architecture, including Lambda and AWS Control Tower.Strong comprehension and application of AI technologies.A Bachelor's degree in Computer Science or Engineering is highly preferred.Outstanding interpersonal and customer service skills.

Join Space Exploration Technologies Corp. (SpaceX) as a Senior Application Security Engineer, where you will play a crucial role in ensuring the security of our applications and software systems. You will work alongside our talented engineering teams to identify and mitigate security vulnerabilities, implement security best practices, and enhance our security posture in support of our mission to make space travel affordable and accessible.

Role overview Magic School seeks a Senior Security Engineer with a focus on Application and Cloud Security. This position plays a key role in shaping how the company protects both its cloud infrastructure and software systems. The engineer will guide ongoing security improvements and help embed safeguards directly into platforms and applications. What you will do Lead projects to strengthen security across cloud environments and applications Develop and improve security frameworks to align with company objectives Perform risk assessments to find and address vulnerabilities Create and maintain incident response plans to protect systems and data Advise teams on best practices for system integrity and safety Location This position is fully remote.

K Health Careers seeks a Senior Application Security Engineer based in New York, NY. The focus of this role is to strengthen application security and protect user data and privacy across the organization. Key responsibilities Identify and analyze software vulnerabilities, then recommend practical solutions. Collaborate with developers and cross-functional teams to integrate security into every phase of the software development lifecycle. Conduct thorough security assessments and review both application code and system architecture. Advise teams on secure coding practices and support their adoption throughout the company. Lead projects focused on enhancing application security protocols and maintaining high standards. Collaboration and impact This position works closely with engineering and other stakeholders to embed security thinking into daily development. Sharing expertise, guiding teams, and shaping a strong security culture are central to the role.

Join our dynamic team at RevenueCat as a Senior Application Security Engineer. In this pivotal role, you will lead efforts to enhance the security posture of our applications, ensuring robust protections against potential threats. Your expertise will contribute to the development of security strategies, threat assessments, and incident response protocols, making a significant impact on our overall security framework.

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

True Anomaly, Inc. develops technology at the intersection of spacecraft, software, and AI to support secure and sustainable access to space. The company’s mission centers on advancing the peaceful use of space, which impacts communications, logistics, and global security. With locations in Denver, CO and Long Beach, CA, True Anomaly supports the U.S., its allies, and commercial partners in protecting space infrastructure. Our Values Be the offset. Creativity and ingenuity drive unique advantages. What would it take? Challenging assumptions leads to ambitious results. It’s the people. The team’s collective strength fuels success. Role Overview The Senior Application Security Engineer will shape and audit security controls for critical space systems, ensuring alignment with strict government compliance standards. This role combines security engineering, compliance frameworks (including NIST 800-171 and 800-53), and cloud-native architectures to protect satellite mission control software and flight systems under Department of Defense protocols. What You Will Do Design and implement application-level security controls for mission-critical systems. Develop comprehensive audit logging, incident response, access controls, and security monitoring. Work closely with product engineering teams to integrate security practices into development and operations. Establish security protocols that directly impact national security space operations. Requirements Experience with security engineering and compliance frameworks (NIST 800-171/800-53). Background in modern cloud-native architectures. Ability to obtain and maintain a security clearance. This position is based in Denver, CO or Long Beach, CA.

Join our dynamic team at Contentful as an Application Security Engineer. In this critical role, you will be responsible for ensuring the security of our applications and services by implementing robust security practices and conducting thorough assessments. You will work closely with development teams to integrate security into the software development lifecycle, identifying vulnerabilities and providing solutions to mitigate risks.

At Contrast Security, we are revolutionizing the way organizations secure their software in today’s fast-paced development landscape. Our cutting-edge Application Detection and Response (ADR) technology empowers teams to identify, halt, and address real threats instantaneously. If you are enthusiastic about creating intelligent, efficient, and impactful security solutions, you will thrive here.We are on the lookout for sharp thinkers, courageous innovators, and adept problem-solvers who excel at transforming intricate obstacles into groundbreaking solutions.We invite applications for the role of Senior Sales Engineer, who possesses substantial expertise in security. You will offer technical guidance throughout the sales process, leveraging your comprehensive knowledge of Application Security (AppSec), DevSecOps, consulting, IT, and sales. Your exceptional communication skills will help you effectively convey the value of Contrast Security’s offerings to both technical and non-technical stakeholders.As a Sales Engineer, you will be an essential bridge connecting Sales, Product Management, and Engineering teams. You will craft messaging for executives, collaborate daily with sales representatives, and liaise with engineers as necessary. Proficiency in Linux and Windows environments, along with command-line tools and OS services, is essential.In this pivotal role, you will contribute significantly to the growth of our company and team. During your first month, you will immerse yourself in the Contrast platform, mastering a revolutionary technology that enhances software development security. You will gain firsthand experience in DevSecOps and understand the implications of “Shifting Left” in Application Security. Within three months, you will engage directly with prospective clients, including Fortune 100 companies and technology leaders, demonstrating the benefits of continuous application security monitoring. As you advance, your expertise will be crucial in addressing complex technical challenges for potential clients.To succeed in this role, you must be skilled at analyzing prospective customer workflows, defining optimal outcomes, and assisting customers in realizing the value of the Contrast platform. A deep understanding of a DevOps-oriented Software Development Life Cycle (SDLC) is required, along with the ability to advocate for Contrast products to prospective clients. You will also participate in webinars, conferences, and contribute to blogs, drawing on your expertise in discovering customer needs, showcasing product capabilities, executing Proofs of Value (POVs), and leading discussions around Enterprise Architecture, which are critical for success in this position.

Join vCluster Labs as a Senior Application Security Engineer, where you will play a pivotal role in establishing trust within our innovative ecosystem. Your primary responsibility will be to maintain the highest security standards across our products, ensuring that vCluster is recognized as the gold standard for secure Kubernetes multi-tenancy. You will craft comprehensive security strategies that protect our entire codebase and infrastructure.Key Responsibilities:Core Product Security: Conduct thorough security assessments of our core Go-based applications and Kubernetes controllers, focusing on preventing privilege escalation within our multi-tenant architecture.Threat Modeling: Spearhead the threat modeling initiatives for new features, proactively identifying risks associated with shared GPU resources and multi-cloud configurations.Automated Security: Implement early-stage security checks within our CI and developer workflows, optimizing for performance to ensure that security processes do not hinder engineering agility. Additionally, you will oversee both automated and manual scanning of our entire product stack.Vulnerability Management: Manage the lifecycle of security vulnerabilities from discovery to remediation. You will triage reports from both internal and external sources, drive the resolution of critical issues across engineering teams, and communicate effectively with all stakeholders.Feature Development: Contribute to the ideation and development of new features, many of which directly address security concerns such as container isolation and breakout prevention, pushing the boundaries of what is achievable in constrained environments.Developer Training: Simplify complex security topics for all engineers, including emerging attack vectors and secure coding practices.Qualifications:Experience: A minimum of 5 years in Application Security or Product Security, with a solid focus on containerized environments.Kubernetes Expertise: Profound knowledge of Kubernetes architecture, RBAC, and container runtime security, along with an understanding of associated risks.

Join PlayStation as a Senior Application Security Engineer, where you'll play a pivotal role in securing our next-generation gaming infrastructure. This senior-level position is designed for a motivated individual who combines technical prowess with leadership abilities to enhance security practices across our software development lifecycle. Collaborate with a passionate team of engineers to develop, implement, and test robust security solutions, ensuring our products and services remain at the forefront of the gaming industry.