Senior Principal Security Architect – Cloud & Application Security

Role overview Magic School seeks a Senior Security Engineer with a focus on Application and Cloud Security. This position plays a key role in shaping how the company protects both its cloud infrastructure and software systems. The engineer will guide ongoing security improvements and help embed safeguards directly into platforms and applications. What you will do Lead projects to strengthen security across cloud environments and applications Develop and improve security frameworks to align with company objectives Perform risk assessments to find and address vulnerabilities Create and maintain incident response plans to protect systems and data Advise teams on best practices for system integrity and safety Location This position is fully remote.

Role Overview Orca Security is hiring a Sales Engineer focused on Application Security and Cloud Security in Austin, Texas. This position works closely with the sales team to showcase how Orca’s security solutions address real-world risks for both prospects and existing customers. What You Will Do Partner with sales to present and explain Orca Security’s products to organizations evaluating cloud and application security tools. Listen to client needs, then tailor demonstrations and recommendations to their specific security challenges. Help customers understand how Orca’s platform can strengthen their security posture and support their goals. Impact Expertise in application and cloud security will be central to helping clients achieve their security objectives and get the most value from Orca’s solutions.

Join Orca Security as a Sales Engineer specializing in Application Security and Cloud Security, where you will leverage your technical expertise to support our sales team and educate clients about our innovative security solutions. Your role will involve engaging with potential customers, presenting product demonstrations, and addressing technical inquiries to ensure client satisfaction and drive sales.

At ClickUp, we’re not just developing software; we’re pioneering the future of work! In an era inundated with work distractions, we envisioned a better approach. This vision led to the creation of the first genuinely unified AI workspace, seamlessly integrating tasks, documents, chat, calendar, and enterprise search, all enhanced by context-driven AI. This empowers millions of teams to break free from silos, reclaim their time, and achieve unprecedented productivity levels. At ClickUp, you will have the chance to learn, utilize, and innovate with AI in ways that will not only shape our product but also the future of work itself. Join us and be part of a daring, innovative team that is redefining possibilities! ClickUp is a leading force across every G2 category we participate in and is poised for exponential growth! Our application is uniquely designed to cater to everyone from families to Fortune 500 enterprises.We are in search of a Senior Security Engineer specializing in Application Security for a newly established, engineering-centric security team. Our team collaborates with and integrates into existing engineering teams at ClickUp. We are dedicated to developing and disseminating technology that includes defensive security features, secure infrastructure, operational tools, security response capabilities, and comprehensive security guidelines.Your mission will be to cultivate a culture of security empowerment, enabling our product engineers to develop and launch secure offerings using Angular, Node.js, and PostgreSQL, all hosted on AWS.As a strategic partner, you will collaborate closely with various engineering teams to design, develop, and guide secure solutions. We are experiencing rapid growth and seek Security Engineers who are eager to embrace this challenge!The Role:Design and implement security features that safeguard the entire ClickUp platform.Conduct threat modeling, implementation reviews, and security testing; evaluate requirements and designs.Create tools to assist at all stages of security prevention, detection, and response across the full Software Development Life Cycle (SDLC) from code to deployment.Integrate with existing engineering and product teams, serving as a 'security player-coach'.Develop security automation for the ClickUp platform; design and establish secure-by-default infrastructure.

At Contrast Security, we are revolutionizing the way organizations secure their software in today’s fast-paced development landscape. Our cutting-edge Application Detection and Response (ADR) technology empowers teams to identify, halt, and address real threats instantaneously. If you are enthusiastic about creating intelligent, efficient, and impactful security solutions, you will thrive here.We are on the lookout for sharp thinkers, courageous innovators, and adept problem-solvers who excel at transforming intricate obstacles into groundbreaking solutions.We invite applications for the role of Senior Sales Engineer, who possesses substantial expertise in security. You will offer technical guidance throughout the sales process, leveraging your comprehensive knowledge of Application Security (AppSec), DevSecOps, consulting, IT, and sales. Your exceptional communication skills will help you effectively convey the value of Contrast Security’s offerings to both technical and non-technical stakeholders.As a Sales Engineer, you will be an essential bridge connecting Sales, Product Management, and Engineering teams. You will craft messaging for executives, collaborate daily with sales representatives, and liaise with engineers as necessary. Proficiency in Linux and Windows environments, along with command-line tools and OS services, is essential.In this pivotal role, you will contribute significantly to the growth of our company and team. During your first month, you will immerse yourself in the Contrast platform, mastering a revolutionary technology that enhances software development security. You will gain firsthand experience in DevSecOps and understand the implications of “Shifting Left” in Application Security. Within three months, you will engage directly with prospective clients, including Fortune 100 companies and technology leaders, demonstrating the benefits of continuous application security monitoring. As you advance, your expertise will be crucial in addressing complex technical challenges for potential clients.To succeed in this role, you must be skilled at analyzing prospective customer workflows, defining optimal outcomes, and assisting customers in realizing the value of the Contrast platform. A deep understanding of a DevOps-oriented Software Development Life Cycle (SDLC) is required, along with the ability to advocate for Contrast products to prospective clients. You will also participate in webinars, conferences, and contribute to blogs, drawing on your expertise in discovering customer needs, showcasing product capabilities, executing Proofs of Value (POVs), and leading discussions around Enterprise Architecture, which are critical for success in this position.

Role overview Webflow is hiring a Senior Application Security Engineer. This remote role is open to candidates in California (BC & ON only) and across the U.S. What you will do Work closely with teams across the company to spot, evaluate, and address security risks in Webflow’s applications. Develop and apply security best practices to strengthen application defenses. Help shape and advance Webflow’s overall security strategy.

Our VisionAt Mimica, we are on a mission to help enterprises, teams, and individuals reclaim their most valuable resource — time. We aim to enhance efficiency, purpose, and impact in the workplace.Our innovative AI-driven task mining technology observes employee interactions across desktops, categorizing them into comprehensive process maps. Mimica’s process intelligence identifies inefficiencies, prioritizes improvements based on return on investment (ROI), recommends the best technologies for automation (including RPA, intelligent document processing, and Generative AI), and provides a blueprint for creating new automation solutions and transforming workflows.Role OverviewAs a vital addition to our rapidly expanding InfoSec team, you will take charge of crucial security initiatives from inception to completion. Collaborating closely with engineers, you will fortify our cloud-native SaaS platform and significantly enhance our overall security posture.This position offers high impact and autonomy, ideal for a proactive individual who thrives in building and implementing scalable security processes in a fast-paced environment. You will report directly to the Head of InfoSec and work alongside another Security Engineer.Key ResponsibilitiesOversee the development and operation of essential security capabilities such as vulnerability management, patching, SIEM/logging, cloud security monitoring, and alert triage.Deploy, configure, and optimize security tools including scanners, WAFs, CSPM, SIEM, and endpoint protection.Collaborate with engineering teams to integrate security at both the application and cloud levels, ensuring a positive developer experience.Assess vulnerabilities, prioritize remediation, and manage risk in a pragmatic yet thorough manner.Develop and implement effective incident-response playbooks and enhance detection capabilities.Review significant architectural modifications periodically and guide engineering teams on secure design considerations.Continuously refine processes to ensure security scales with the company’s growth.Ideal Candidate ProfileExperience: 7+ years in security engineering, preferably in Application Security or SecOps, with a strong preference for experience in startup or scale-up settings.Expertise: Strong knowledge in Application Security (AppSec) and Cloud Security (CloudSec).

Join Arcadia as a Senior Security Engineer specializing in Application Security (AppSec). In this role, you will play a pivotal part in safeguarding our applications and infrastructure by implementing robust security measures and promoting security best practices throughout the development lifecycle. Your expertise will help identify vulnerabilities, devise effective remediation strategies, and enhance our overall security posture. Collaborate with cross-functional teams to ensure security is integrated into every phase of our software development processes.

Join Canary Technologies as a Senior Application Security Engineer and play a pivotal role in embedding security within our software development lifecycle. You will collaborate closely with development teams to ensure secure design becomes the standard practice. This position involves taking ownership of application security tooling and automation while working alongside Site Reliability Engineers (SREs), infrastructure, and data engineers to maintain a secure, scalable platform. Our engineering team operates fully remotely, allowing for flexibility and innovation in a fast-paced environment.

Why join usAt Brex, we are revolutionizing the way businesses manage their finances through our AI-powered spend platform. We empower organizations, ranging from startups to large enterprises, with integrated corporate cards, banking solutions, and global payment options, complemented by user-friendly software for travel and expenses. Our clientele includes industry leaders like DoorDash, Flexport, and Compass, all of whom benefit from our commitment to proactive spend control, cost reduction, and efficiency improvements worldwide.Joining our team means pushing your boundaries, questioning conventional wisdom, and collaborating with some of the brightest talents in the field. We are dedicated to cultivating a diverse workforce and fostering an inclusive culture where your potential is limited only by your imagination. We provide you with the necessary tools, resources, and support to elevate your career to new heights.Engineering at BrexAt Brex, engineering is about developing scalable systems with purpose and speed. Our diverse teams across Software, Data, Security, and IT function with high autonomy and deep collaboration. We tackle complex technical challenges, take full ownership of our results, and strive for excellence at every stage—from architecture to deployment. Here, engineering is considered a craft, and those who build can become leaders.What you’ll doAs a Senior Application Security Engineer, your primary responsibility will be identifying and responding to security vulnerabilities across the Brex platform. You will conduct code and design reviews, perform penetration testing, and manage vulnerability assessments. Additionally, you will create and maintain tools for static and dynamic testing of our platform while ensuring secure developer workflows. This role is part of our broader Financial Scale organization, requiring close collaboration with Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure teams.We seek candidates who possess a robust background in penetration testing and a proven track record in discovering vulnerabilities within intricate systems, alongside the ability to craft exploits that highlight business impact. This position is highly collaborative, providing the opportunity to work across all engineering teams at Brex. We value enthusiasm for engaging with diverse roles and backgrounds, as building a top-tier financial service necessitates top-tier security.Brex is at the forefront of the next generation of AI-driven financial services for dynamic, impactful companies, including Coinbase, Robinhood, and Anthropic. As we embark on integrating AI throughout our product suite, you will have the chance to influence and shape our initiatives significantly.

About Branch Branch helps workers gain financial independence by making it easier for companies to pay them quickly and by offering accessible, no-cost financial services. The team is committed to building inclusive and transparent products that improve the financial lives of working Americans. Ideas and initiative matter here. Employees are encouraged to share their thoughts, those ideas can shape products, culture, and the company’s direction. Branch values diverse perspectives and working styles, aiming to create an environment where everyone can thrive. Role Overview: Senior Application Security Engineer (Remote, US) Branch is hiring a Senior Application Security Engineer to help protect applications, networks, cloud infrastructure, and corporate devices. This role calls for broad security expertise and hands-on experience across multiple domains. The engineer will work closely with teams to build secure systems and processes that support Branch’s mission. What You Will Do Collaborate with Engineering to embed security into the Software Development Life Cycle (SDLC): implement secure design patterns, lead threat modeling, and deliver AppSec training for developers. Plan and conduct application security assessments, including static and dynamic analysis (SAST, DAST), software composition analysis (SCA), and manual code reviews for web, mobile, and API platforms. Strengthen API security for both internal and external services by improving authentication, authorization, rate limiting, and abuse prevention. Manage and improve the vulnerability management program: set prioritization frameworks, track SLAs, and coordinate remediation across teams. Champion software supply chain security, including generating SBOMs, analyzing dependency risks, and reviewing third-party components. Support Governance, Risk, and Compliance (GRC) with technical evaluations of third-party risks and vendor security assessments. Lead incident response efforts from initial detection through resolution and post-incident review. Develop and maintain security policies and procedures, ensuring alignment with industry standards and best practices. Location This position is remote within the United States.

At ExtraHop, we are dedicated to safeguarding and empowering the connected enterprise. Our innovative solutions provide crucial visibility into the infrastructure that supports businesses, communities, and lives, ensuring the integrity of networks, data, and systems. Organizations trust ExtraHop to illuminate the cyber threats and vulnerabilities that traditional security and IT tools often overlook. With our insights, businesses can investigate intelligently, respond to threats quickly, and maintain operational continuity.We are driven by a strong social and moral obligation to excel at what we do, creating a secure world where everyone can flourish. If you aspire to be part of an inspiring environment where you can make a significant impact, we would love to connect with you.Position SummaryDo you have a passion for securing intricate cloud services and infrastructure? Are you eager to join a collaborative team that engineers solutions to protect some of the largest networks globally? ExtraHop is seeking a Senior Cloud Security Engineer who is adept in modern cloud system development and infrastructure-as-code practices. You will play a critical role in developing and operating product security capabilities, tools, and processes that keep us ahead in a fast-evolving security landscape, mitigate risks, and foster organizational success.We are looking for professionals with a blend of cloud security, infrastructure security, security information and event management (SIEM) technologies, DevOps, and software development experience. Candidates should thrive in a collaborative atmosphere, taking initiative to identify, remediate, and prevent security vulnerabilities and issues.You should possess hands-on experience securing cloud environments and contemporary computing infrastructures, deploying and managing SIEM tools, along with a solid understanding of Infrastructure-as-Code and container technologies.

At RegScale, we are redefining how organizations manage their security, risk, and compliance programs through our innovative continuous controls monitoring (CCM) platform. As we evolve from a startup to a robust enterprise-ready engineering organization, we are building a skilled team that will drive this transformation. In our mission to handle sensitive security and regulatory data for both enterprise and government clients, we prioritize security as a fundamental engineering principle embedded in our software development process. The Role We are seeking a highly autonomous and experienced Senior Application Security Engineer who excels in navigating complex engineering landscapes. As the lead application security expert at RegScale, you will identify security risks, develop comprehensive strategies to mitigate them, and drive initiatives from inception to measurable outcomes. You will operate independently without a dedicated team, influencing cross-functional engineering teams to enhance security practices. Your role will encompass collaboration with various engineering disciplines, including Core Engineering, Platform and AI, Compliance as Code, Quality Engineering, SRE, Infrastructure, and external security teams. Your success will be measured by your ability to foster security awareness among engineers and integrate security principles into the design, development, and deployment phases of our software. RegScale serves a diverse clientele, including enterprises and government agencies, adhering to regulatory frameworks such as FedRAMP, NIST, and CMMC. This position reports to the SRE and Infrastructure teams and requires not only deep technical security knowledge but also the influence and ownership mentality necessary to instill security as a shared value across engineering.

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

Join Upside:At Upside, we are on a mission to revolutionize brick-and-mortar commerce. Our advanced technology combines the nuances of online retail—profit measurement, attribution, and incrementality—to enhance the value for users on their daily purchases while simultaneously attracting new, profitable customers to brick-and-mortar businesses. Millions of users have benefited from earning 2 to 3 times more cashback than any competing product, and hundreds of thousands of physical businesses have realized tangible profits through our platform. Each year, billions in commerce are processed through Upside, returning value directly to our retail partners, the consumers they serve, and vital sustainability efforts.Your Impact:In this role, you will report to the Director of Information Security, collaborating closely with technology stakeholders. Utilize your expertise in secure coding practices and payment systems to identify and address application vulnerabilities. As an individual contributor, you will bring innovation to our AppSec team, strengthen our security posture, and empower our engineering teams to code securely.Innovate with AI to deliver robust security solutions that mitigate application vulnerabilities.Conduct security code tests (SAST, SCA) and work with engineers to resolve unsafe code.Develop threat models and collaborate with technology teams to document and assess risks.Advise leadership on security architecture, design, and best practices in application security.Train and enhance the skills of engineers in safe coding and vulnerability management techniques.Assist with penetration testing initiatives and manage bug bounty programs.Support the administration of AWS Control Tower and IAM provisioning.Engage with the security community to stay informed about trends and advancements.Qualifications:A minimum of 6 years of experience in application or product security, including reviewing Python code.Proven experience in innovating and implementing solutions for vulnerability management.In-depth knowledge of AWS security architecture, including Lambda and AWS Control Tower.Strong comprehension and application of AI technologies.A Bachelor's degree in Computer Science or Engineering is highly preferred.Outstanding interpersonal and customer service skills.

Why Join Brex?Brex is an innovative AI-driven spend management platform designed to empower businesses to manage expenses with confidence. We provide integrated corporate cards, banking solutions, and global payment options, alongside intuitive software for travel and expense management. From startups to large enterprises, clients like DoorDash, Flexport, and Compass leverage Brex to optimize spending, lower costs, and enhance efficiency worldwide.Joining Brex means embracing challenges, pushing boundaries, and collaborating with industry leaders. We are dedicated to fostering a diverse and inclusive culture where your potential is only limited by your aspirations. We equip you with the necessary tools, resources, and support to advance your career.Engineering at BrexOur engineering culture focuses on building scalable systems with intention and speed. Our teams, spanning Software, Data, Security, and IT, work with high autonomy and deep collaboration. We confront challenging technical problems, take ownership of outcomes, and strive for excellence across all levels—from architecture to deployment. Here, engineering is regarded as a craft, and builders evolve into leaders.Your RoleAs a Senior Application Security Engineer, you will be pivotal in identifying and addressing security vulnerabilities within the Brex platform. Your responsibilities will include conducting code and design reviews, penetration testing, and managing vulnerabilities. You will also develop and maintain tools for static and dynamic testing of the platform, ensuring secure developer workflows. You will collaborate closely with teams across Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background in penetration testing and a proven track record of uncovering vulnerabilities in complex systems. Your ability to craft exploits that highlight business risk will be essential. This role demands a collaborative spirit, as you will engage with various engineering teams throughout Brex. Your enthusiasm for diverse perspectives and needs is crucial as we build world-class financial services with top-tier security.Brex is at the forefront of AI-driven financial services for dynamic companies such as Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will have the chance to significantly influence our approach.

Archer Aviation, located in San Jose, California, is pioneering the future of sustainable air mobility by developing an innovative all-electric vertical takeoff and landing aircraft. Our mission is to enhance air mobility while significantly reducing noise pollution. We are committed to advancing technology that will redefine air transportation.At Archer, we embrace challenges and strive for excellence through diversity and inclusion. We believe that a diverse workforce fosters innovation, insight, and ultimately leads to greater success. Our workplace is dedicated to creating an equitable environment that celebrates the unique contributions of all team members. Senior Enterprise Application Security Engineer (Hybrid-San Jose)Job OverviewWe are seeking an exceptional Senior Enterprise Application Security Engineer to architect and secure the cloud infrastructure driving the next wave of sustainable air mobility. The ideal candidate is a proactive collaborator with outstanding communication skills and a comprehensive understanding of cloud security. In this role, you will safeguard our cloud-native environments (AWS/Azure) and protect our telemetry, flight operations, and enterprise systems from advanced persistent threats. You will bridge DevOps and Security by embedding secure design principles into our Infrastructure as Code (IaC) and CI/CD pipelines, ensuring compliance with aviation and federal standards (NIST CSF, 800-53, FedRAMP, DO-326A).Key ResponsibilitiesCloud Architecture & Hardening: Design, implement, and maintain robust cloud architectures in AWS and Azure. Enforce zero-trust principles and least-privilege access utilizing advanced IAM policies and roles.Infrastructure as Code (IaC) Security: Lead the security review and automated scanning of IaC templates (Terraform, CloudFormation, Helm) to preemptively prevent misconfigurations.DevSecOps & Automation: Integrate security tools (CSPM, CWPP, Secret Scanning) into CI/CD pipelines (Jenkins, GitLab, GitHub Actions) to facilitate rapid and secure deployments.Kubernetes Security: Implement security controls for Kubernetes clusters, ensuring compliance with industry best practices.

Join Contentful as an Application Security Engineer, where you will be instrumental in safeguarding our applications and services. You will work collaboratively with our development teams to implement security best practices and protect our customers' data.

About the Role Sigma Computing is seeking a Senior Security Engineer II focused on Cloud & Data Security to help safeguard our large-scale, cloud-native SaaS platform. This position centers on engineering: building security solutions, not just operating existing tools. The role calls for a subject matter expert in cloud security architecture. Collaboration with Engineering, Security, and Product teams is key, as is designing scalable controls that support business growth. Responsibilities include creating secure architectures, integrating controls into infrastructure-as-code, and setting up automated guardrails so teams can move quickly without waiting for manual security sign-offs. This is a hands-on position for someone who thrives in complex cloud environments, values automation, and knows how to scale security for a growing SaaS company. What You Will Do Architectural Leadership: Work closely with infrastructure and engineering teams to embed security into development workflows. Lead technical discussions that shape security strategy and initiatives. Multi-Cloud Engineering: Design, implement, and refine Sigma’s cloud security across AWS, GCP, and Azure, using deep architectural expertise. Threat Modeling & Incident Response: Conduct threat modeling for cloud environments and handle incident response, including investigation and remediation of malicious activity. Identity & Access Management: Develop strategies for IAM and privileged access (RBAC/ABAC, federation, least privilege, cross-account access). Remove standing privileges and long-lived credentials, and promote zero-trust and privileged access controls across IaaS and SaaS. Cloud Data Security Controls: Implement data classification, encryption/KMS, masking/tokenization, access governance, retention and deletion policies, and reduce exfiltration risks across APIs and data pipelines. Automated Remediation Workflows: Build automated responses for recurring cloud misconfigurations, drift, and policy violations to improve operational efficiency and response times. Security Stack Management: Deploy and manage cloud-native services, including CSPM, CNAPP, DSPM, SIEM, DLP, WAF, Kubernetes, and container security tools. Network Defense: Evaluate and implement zero-trust network security measures. Location: New York City, NY