Senior Security Engineer

Why Join Brex?Brex is an innovative AI-driven spend management platform designed to empower businesses to manage expenses with confidence. We provide integrated corporate cards, banking solutions, and global payment options, alongside intuitive software for travel and expense management. From startups to large enterprises, clients like DoorDash, Flexport, and Compass leverage Brex to optimize spending, lower costs, and enhance efficiency worldwide.Joining Brex means embracing challenges, pushing boundaries, and collaborating with industry leaders. We are dedicated to fostering a diverse and inclusive culture where your potential is only limited by your aspirations. We equip you with the necessary tools, resources, and support to advance your career.Engineering at BrexOur engineering culture focuses on building scalable systems with intention and speed. Our teams, spanning Software, Data, Security, and IT, work with high autonomy and deep collaboration. We confront challenging technical problems, take ownership of outcomes, and strive for excellence across all levels—from architecture to deployment. Here, engineering is regarded as a craft, and builders evolve into leaders.Your RoleAs a Senior Application Security Engineer, you will be pivotal in identifying and addressing security vulnerabilities within the Brex platform. Your responsibilities will include conducting code and design reviews, penetration testing, and managing vulnerabilities. You will also develop and maintain tools for static and dynamic testing of the platform, ensuring secure developer workflows. You will collaborate closely with teams across Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background in penetration testing and a proven track record of uncovering vulnerabilities in complex systems. Your ability to craft exploits that highlight business risk will be essential. This role demands a collaborative spirit, as you will engage with various engineering teams throughout Brex. Your enthusiasm for diverse perspectives and needs is crucial as we build world-class financial services with top-tier security.Brex is at the forefront of AI-driven financial services for dynamic companies such as Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will have the chance to significantly influence our approach.

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

Join Chime as a Senior Application Security Engineer and play a pivotal role in safeguarding our applications and systems from security threats. In this fully remote position, you will collaborate with cross-functional teams to implement security best practices, conduct code reviews, and ensure compliance with industry standards.Your expertise will help shape our security posture as you design and execute vulnerability assessments and penetration tests. If you are passionate about security and want to make a meaningful impact, we want to hear from you!

About Our TeamAt OpenAI, security is a core pillar of our commitment to ensuring that artificial general intelligence is beneficial to all of humanity. Our Security team plays a crucial role in safeguarding OpenAI’s technology, personnel, and products. We focus on creating effective technical solutions while maintaining operational excellence. Our guiding principles include prioritizing impactful actions, empowering researchers, preparing for transformative technologies, and fostering a robust security culture.About the RoleAs a Security Engineer specializing in Application Security, you will be at the forefront of identifying and addressing security vulnerabilities within our software applications. Your expertise will be applied through building innovative security tools, conducting code reviews, performing penetration testing, and executing thorough security assessments.We are seeking proactive individuals who can collaborate closely with development teams to ensure the integration of secure coding practices throughout the software development lifecycle. Your role will also encompass providing security guidance to developers and stakeholders, thereby enhancing the overall security awareness across the organization.This position is ideally based in San Francisco, Seattle, or New York City, but remote work options will be considered. Our hybrid work model includes three days in-office each week, along with relocation assistance available for new hires.Key Responsibilities:Conduct Security Assessments: Regularly perform security assessments, code reviews, and penetration tests to uncover vulnerabilities in applications.Develop Security Tools: Design and implement security tools, frameworks, and methodologies to shield applications from potential threats.Collaborate with Development Teams: Partner with development teams to ensure best security practices are embedded in the software development lifecycle, including secure coding standards.Threat Modeling and Risk Management: Engage in threat modeling and risk assessments to identify potential risks early and formulate effective mitigation strategies.Manage Vulnerabilities: Track, analyze, and oversee vulnerabilities in applications, providing guidance and support for remediation efforts.Incident Response: Participate in incident response efforts as necessary, ensuring swift action is taken to mitigate security incidents.

Join Lightning AI as a Senior Application Security Engineer specializing in the realms of Artificial Intelligence and Machine Learning. In this pivotal role, you'll be responsible for enhancing our application security posture across our innovative platforms. Collaborate with a team of talented engineers to identify vulnerabilities, implement security best practices, and ensure our AI-driven solutions remain robust and secure.

About the Role mercor is hiring a Security Engineer focused on Application Security in San Francisco or New York City. This role centers on protecting company applications from threats and vulnerabilities. The Security Engineer works closely with teams across the company to strengthen security practices and improve the overall security of our software. What You Will Do Work with engineers and other teams to apply security best practices throughout the development lifecycle Perform detailed security assessments of applications Identify and address new and existing security risks Help improve the security posture of mercor’s applications

WHO WE ARE Zeta Global (NYSE: ZETA) is a cutting-edge AI-Powered Marketing Cloud that utilizes advanced artificial intelligence and vast consumer insights to enhance the efficiency with which marketers acquire, nurture, and retain customers. Our mission, through the Zeta Marketing Platform (ZMP), is to simplify sophisticated marketing by integrating identity, intelligence, and omnichannel activation into a single, powerful platform—backed by one of the industry's largest proprietary databases and AI technology. We empower our enterprise clients across diverse sectors to create personalized consumer experiences, driving superior outcomes for their marketing strategies. Founded in 2007 by David A. Steinberg and John Sculley, Zeta Global is headquartered in New York City, with a global presence. Discover more at www.zetaglobal.com. About the Role We are seeking a highly experienced Staff Application Security Engineer to spearhead our application and platform security efforts. You will be tasked with embedding robust security measures throughout the development lifecycle—from threat modeling to deployment—ensuring that secure-by-design principles are consistently upheld. Operating at a significant scale, Zeta supports billions of consumer profiles and handles petabytes of data within our real-time, AI-driven marketing frameworks. In this pivotal role, you will safeguard our high-performance systems by promoting best practices, assessing emerging threats, and enabling cross-functional teams to develop secure and reliable applications. This high-impact position offers significant visibility across engineering, product, and executive leadership teams. Key Responsibilities Threat Modeling & Security Validation Lead threat modeling and security architecture reviews for distributed, event-driven systems. Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines. Coordinate and oversee incident simulations specific to AI systems; manage red/blue team exercises to validate our defensive posture. Conduct security evaluations of third-party vendors and tools to ensure compliance with our security standards.

About the Role mercor is hiring an Application Security Engineer in San Francisco. This role focuses on protecting our applications by applying proactive security practices and conducting detailed assessments. The work centers on finding vulnerabilities and putting strong security protocols in place to keep our products secure and dependable.

At Discord, we connect over 200 million users every month through our platform, primarily for one exhilarating reason: gaming. With more than 90% of our community engaged in gaming, they collectively spend an astounding 1.5 billion hours indulging in thousands of unique titles on Discord each month. Our commitment is to enhance the gaming experience, making it more enjoyable for everyone to communicate and socialize before, during, and after gameplay.Your RoleLead a talented team of security engineers to develop and implement robust application security tools and services, conduct secure design reviews, and perform threat modeling, while providing expert guidance on secure development practices at Discord.Ensure the security of our code and development processes from the Integrated Development Environment (IDE) through to production.Enhance the detection and remediation of security vulnerabilities at scale.Collaborate with various Discord teams to minimize security risks for our users while proactively identifying and addressing security bugs prior to production deployment.Partner with Discord’s product engineering and management teams to advocate for innovative security features that enhance user protection.

At NerdWallet, our mission is to empower individuals to make informed financial decisions. We foster an inclusive, flexible, and transparent culture where you are encouraged to grow, take calculated risks, and be your authentic self (cape optional). Whether you prefer working remotely or in-office, we are committed to supporting your optimal work style. We prioritize your well-being, professional growth, and your ability to create a meaningful impact because when one Nerd succeeds, we all succeed.We are on the lookout for a talented Security Engineer II to become a part of our Application Security team. This team plays a critical role in our mission by ensuring that the products and services we develop protect our users' data and trust.In this position, you will closely collaborate with engineering teams across the organization to mitigate security risks throughout the software development lifecycle. You will participate in initiatives aimed at enhancing NerdWallet's security posture by refining tools, workflows, and standards that enable engineers to create secure software while ensuring a positive developer experience.This role is perfect for someone who thrives on solving security challenges collaboratively, building scalable solutions, and assisting engineers in embedding security practices into their daily work. You will have the chance to deepen your application security knowledge while making significant contributions to our evolving security program.You will report to a Business Information Security Officer.If you were here 6 months ago, here are some things you might have worked on:Developed and launched a dashboard for on-call activities for the team.Assisted in triaging and responding to security findings and alerts generated by application security tools.Conducted a penetration test of an external system and participated in red team exercises.Worked alongside engineers to remediate vulnerabilities and enhance secure coding practices.Contributed to automation or tooling that enhances visibility into application security risks.Where you can make an impact:Help expand NerdWallet’s application security program through automation, tooling, and enabling developers.Collaborate with engineering and product teams to identify and address security gaps across various systems while balancing business priorities.Create tools, processes, and automation that facilitate secure software development.

Join dstaff as a Web Application Security Engineer and become a key player in fortifying our digital infrastructure. In this role, you will be responsible for identifying and mitigating security vulnerabilities in our web applications, ensuring the integrity and confidentiality of our data.You will collaborate with cross-functional teams to integrate security practices into our development lifecycle and implement robust security measures. Your expertise will help us stay ahead of potential threats and safeguard our users' information.

Ironclad stands at the forefront of the AI contracting landscape, revolutionizing the way agreements are transformed into strategic assets. Our platform enables contracts to expedite through processes, instantly deliver insights, and empower agents to drive work forward—all while keeping you in control. Whether involved in buying or selling, Ironclad consolidates the entire contracting process into one intelligent platform, equipping leaders with the visibility they need to maintain a competitive edge. This is why some of the most innovative organizations, from Rivian to the World Health Organization and the Associated Press, have entrusted Ironclad to enhance their business operations.We are consistently acknowledged as an industry leader: recognized as a Leader in the Forrester Wave and the Gartner Magic Quadrant for Contract Lifecycle Management, awarded as a Great Place to Work by Fortune, and listed among Fast Company’s Most Innovative Workplaces. Ironclad has also secured a spot in Forbes’ AI 50 and Business Insider’s list of Companies to Bet Your Career On. Our efforts are supported by prominent investors such as Accel, Y Combinator, Sequoia, BOND, and Franklin Templeton. For further details, visit www.ironcladapp.com or connect with us on LinkedIn.This position is hybrid, requiring office attendance at least twice a week on Tuesdays and Thursdays for collaboration and connection. Additional in-office days may be necessary for team or company events.Ironclad is on the lookout for a talented Application Security Engineer who is committed to securing cutting-edge software platforms and safeguarding sensitive information. We seek a candidate with extensive experience in automated vulnerability scanning and penetration testing to fortify our application security initiatives. The ideal individual will possess a background in software development or testing, preferably in SaaS environments or regulated industries.The role encompasses conducting security assessments, identifying and addressing risks, and implementing security best practices and improvements throughout Ironclad’s Product, Platform, and Engineering teams.

Join our dynamic Application Security team at Anthropic, where your mission will be to integrate robust security practices throughout every stage of our software development lifecycle. In this pivotal hands-on role, you will work alongside our innovative software engineers and researchers, ensuring security remains a fundamental focus from design inception to deployment. You will lead initiatives in threat modeling and secure design reviews, proactively identifying and mitigating risks, and enhancing our continuous risk assessment processes. Your expertise will contribute to developing tools and systems that empower our developers to ship secure code while adhering to best practices. By shaping our security tools, detection capabilities, and defenses against emerging threats, you will play a crucial role in fostering a culture of security among our engineers, helping them become champions of secure coding. This is a high-impact role that requires a security-savvy professional who possesses a developer's mindset and can build collaborative relationships.

Harness is a pioneering AI Software Delivery Platform company, founded by the visionary technologist and entrepreneur Jyoti Bansal, the mind behind AppDynamics, which was acquired by Cisco for an astounding $3.7 billion. With approximately $570 million in funding and a current valuation of $5.5 billion, Harness is supported by prominent investors such as Goldman Sachs, Menlo Ventures, IVP, Unusual Ventures, and Citi Ventures. In an era where AI is rapidly transforming code creation, the true challenge lies in the subsequent stages: testing, deployments, application security, reliability, compliance, and cost optimization. Harness addresses this challenge by integrating AI and automation into the software delivery lifecycle, allowing teams to deliver software more quickly while ensuring robust security and governance throughout all stages.Utilizing Harness AI and the Software Delivery Knowledge Graph, our platform injects deep context and intelligent automation into every aspect of the software delivery process, embedding governance and policy-driven controls throughout.In the past year alone, Harness has facilitated over 185 million deployments, 82 million builds, 18 trillion flag evaluations, 8 million security scans, and optimized 9.1 billion tests, while safeguarding 3 trillion API calls and managing $2.8 billion in cloud expenditure. This has empowered esteemed clients like United Airlines, Morningstar, and Choice Hotels to enhance release speeds by up to 75%, cut cloud expenses by as much as 60%, and achieve a tenfold increase in DevOps efficiency.With a diverse global team operating across 14 offices in 25 countries, Harness is at the forefront of the future of AI-driven software delivery and is eager to attract exceptional talent to propel us forward.

About Us:At Notion, we empower individuals and teams to create beautiful, efficient tools tailored to their work. In an era where countless apps and tabs can overwhelm, Notion stands out by offering a unified space for collaboration. Our platform seamlessly integrates documentation, notes, projects, calendars, and emails—all enhanced with AI capabilities for streamlined workflows and insights. Our users, ranging from individuals to industry leaders like Toyota, Figma, and OpenAI, appreciate Notion's versatility, choosing us to save time and resources.We believe that in-person collaboration is vital to our culture. All team members are expected to work from our offices on designated Anchor Days—Mondays, Tuesdays, and Thursdays—though certain roles may require additional in-office days.About the Role:With millions of users and a continuously growing community, Notion is committed to providing a secure and reliable experience. As an Application Security Engineer, you will play a pivotal role in fortifying this trust while helping us innovate and expand our offerings. Your expertise will be essential in ensuring that our flexible and powerful application meets the security needs of thousands of businesses worldwide, safeguarding their data and that of their customers.We are seeking passionate security engineers dedicated to simplifying secure coding practices for developers. In this role, you will act as a consultant, advocate, and builder, focusing on preventing and addressing software vulnerabilities across Notion's product suite.What You'll Achieve:Contribute significantly to defining the direction and objectives of Notion’s Application Security team.Facilitate secure development by providing design guidance and developing solutions to eliminate vulnerabilities.Establish static and dynamic analysis rules to identify weaknesses within our codebase.Educate developers on security and privacy best practices to prevent vulnerabilities during development.Lead and participate in strategies to mitigate AppSec-related incidents.Develop and maintain tools that proactively prevent vulnerabilities or automate remediation.

Join Binti as a Staff/Principal Application Security Engineer and play a pivotal role in safeguarding our innovative platforms. In this position, you will leverage your extensive security expertise to identify vulnerabilities, implement robust security practices, and collaborate with cross-functional teams to enhance our application security posture. Your contributions will ensure the security and integrity of our software solutions as we strive to revolutionize how families connect with adoption services.

Perplexity is on the lookout for an exceptional and proactive Application Security Engineer to enhance our innovative security team. Join us in transforming how individuals search and engage with the internet. You will be instrumental in developing systems, tools, and processes that seamlessly integrate security for developers, fostering rapid innovation while safeguarding our users on a large scale.Key ResponsibilitiesDesign and deploy scalable, developer-friendly security solutions that seamlessly incorporate into engineering workflows.Lead threat modeling exercises, design evaluations, and code assessments for new features and significant product launches.Develop and enhance secure-by-default frameworks for authentication, authorization, input validation, and secrets management.Create and integrate automated security tools within CI/CD pipelines (including linters, dependency scanners, and policy enforcement).Collaborate with product and engineering teams to address vulnerabilities and contribute to incident response and postmortems.Oversee, manage, and enhance our third-party penetration testing engagements and bug bounty program, working closely with external security researchers to detect and fix vulnerabilities.Stay updated on prevalent threats and attack strategies, driving the continuous improvement of our application security posture.

Join Our TeamFieldwire is actively seeking a talented and seasoned Director of Information Security to enhance our team. As a premier provider of Construction Software solutions, we pride ourselves on delivering top-notch security measures. This pivotal role is classified as Line of Defense 1, where you will spearhead the definition, ownership, and execution of our product security program, ensuring adherence to legal standards and regulatory frameworks. Ideal candidates will possess strategic thinking abilities, exceptional communication skills, and extensive expertise in product security protocols, technologies, and standards.Your ResponsibilitiesServe as the Product Business Information Security Officer for Fieldwire.Design, own, and execute a comprehensive product security enhancement plan.Evaluate and identify product security risks and vulnerabilities.Collaborate with management to embed security measures into our software products and business workflows.Provide security incident reports and mitigation strategies to management.Assist the Head of Construction Software Security & GRC in various cybersecurity initiatives.Engage closely with other Information Security Officers within Hilti, the Group CISO.Analyze evolving regulatory and legal changes (e.g., NIST, CRA, NIS2, EU AI data act), translating them into actionable requirements and overseeing their implementation.Independently manage projects pertaining to information and product security, from conception to implementation.Oversee specific security areas such as Cloud & AI Security or technical risk assessments within Fieldwire.Contribute to the ongoing enhancement of security architecture, ICS, and ICT & cyber risk management for Fieldwire.Maintain Fieldwire's SOC2 certification and support the Group's ISO27001 certification.Coordinate internal and external audits related to information and product security, ensuring the execution of resulting recommendations.

About LangChainLangChain is dedicated to making intelligent agents a common part of our daily lives. We provide the essential framework for agent engineering that enables developers to transition from experimental prototypes to production-ready AI agents that organizations can depend on. Having started as widely embraced open-source tools, we have evolved to also deliver a robust platform for the development, evaluation, deployment, and management of agents at scale.Our tools, including LangChain, LangGraph, LangSmith, and Agent Builder, are actively utilized by teams delivering tangible AI products across both startups and large corporations. Millions of developers rely on LangChain to empower AI teams at renowned companies such as Replit, Clay, Coinbase, Workday, Lyft, Cloudflare, Harvey, Rippling, Vanta, and 35% of the Fortune 500.With $125M raised in our Series B funding round from prominent investors including IVP, Sequoia, Benchmark, CapitalG, and Sapphire Ventures, we are at a pivotal point of innovation, accelerating growth, and empowering every team member to have a significant impact on our products and collaborative culture. At LangChain, your contributions can truly influence how this technology integrates into the real world.About the RoleAs the hands-on security lead, you will work closely with our core product teams to ensure the security of agent workloads from end to end, encompassing everything from SDK to LangSmith/Graph services and customer integrations. You will be responsible for defining our security roadmap, achieving immediate hardening wins, and elevating the standards for how AI infrastructure is secured in production. We are seeking engineers with expertise in either cloud/infrastructure security or application security (expertise in both is a significant advantage!).Lead product & platform security: Design and implement application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).Implement secure-by-default authentication and authorization: Enhance SSO/SAML/OIDC/SCIM, manage token lifecycles, establish service-to-service authentication, and ensure tenant isolation for both cloud and self-hosted customers.Vulnerability management: Oversee scanning, triage, and patching SLAs; coordinate with engineering teams to ensure swift remediation without delaying delivery.Develop secure code, conduct reviews, and create tools: Implement secure design principles, write pull requests, execute penetration tests, and introduce lightweight checks (linters, dependency/supply-chain scanning, SBOM/SLSA provenance) to facilitate security at scale.Enhance hardening & operations: Focus on network segmentation/Zero Trust, Kubernetes posture management, secrets management, key rotation, least-privilege IAM, and egress controls.