Senior Staff Security Engineer

Join Homebase as a Staff Security Engineer specializing in Application Security in a hybrid work environment. In this pivotal role, you will be responsible for enhancing our security posture while ensuring that our applications remain safe and secure. You will collaborate with cross-functional teams to identify vulnerabilities, implement security controls, and promote best practices in application development.We seek a proactive individual who is passionate about cybersecurity and eager to contribute to building robust security solutions. You will play a key role in shaping the security framework of our applications.

Join Thumbtack in Transforming Home Care!At Thumbtack, we empower millions of individuals to manage and enhance their homes with confidence. Our app is a comprehensive solution for home maintenance, offering everything from personalized recommendations to cutting-edge AI tools, all designed to create a seamless hiring experience. Every day, homeowners across the U.S. rely on Thumbtack to undertake urgent repairs, seasonal upkeep, and significant renovations. If you are inspired by the prospect of making a meaningful impact, we invite you to be part of our journey. Together, we can shape the future of home care.About the Cybersecurity TeamThe Security Engineering team at Thumbtack is dedicated to driving innovation at scale by integrating security into our core processes. We believe that robust security can enhance operational speed rather than hinder it. By embedding security within our systems, platforms, and developer workflows from the outset, we create a secure environment that fosters rapid innovation.We collaborate closely with Product, Engineering, Platform, and Data teams to design systems, inform architectural choices, and continuously improve Thumbtack’s security posture as we grow. Through effective collaboration, automation, and strategic decision-making, we ensure that Thumbtack can deliver quickly, innovate boldly, and maintain the trust of our customers.The Challenge AheadAs Thumbtack expands its offerings and integrates AI-driven features, our security practices must evolve to keep pace with innovation. The increasing complexity of our services, deployment strategies, and data flows requires a shift from traditional manual reviews to proactive security measures embedded within our systems. Our objective is to create secure defaults and reusable components that engineering teams can implement with ease, allowing them to operate swiftly while significantly mitigating risk.Your Role and ResponsibilitiesLead the long-term technical vision for application security across Thumbtack, while developing prioritized roadmaps to address systemic security vulnerabilities throughout our application stack.Manage large-scale, cross-functional security projects from conception through to execution.Create secure-by-default architectures, standards, and guided paths that facilitate engineering efforts. Develop and implement shared security tools, libraries, and services that empower our engineering teams to deliver efficiently and securely.

Why join usAt Brex, we are revolutionizing the way businesses manage their finances with our AI-powered spending platform. Our integrated corporate cards, banking services, and global payment solutions empower companies to spend confidently. From startups to multinational enterprises, including well-known names like DoorDash, Flexport, and Compass, our platform enables proactive spend management, cost reduction, and enhanced efficiency worldwide.Joining Brex means embracing challenges and pushing boundaries while collaborating with some of the most talented professionals in the field. We are dedicated to fostering a diverse and inclusive workplace, believing that your potential is limited only by your imagination. We provide the tools, resources, and support necessary for you to advance your career.Engineering at BrexEngineering at Brex focuses on scalability, speed, and purposeful development. Our teams, encompassing Software, Data, Security, and IT, operate with high levels of autonomy and collaboration. We tackle complex technical challenges, take ownership of our results, and strive for excellence at every stage—from architecture to deployment. This is where engineering is an art, and builders emerge as leaders.What you’ll doAs a Senior Application Security Engineer, your primary objective will be to identify and address security vulnerabilities across the Brex platform. You will conduct code reviews, design evaluations, penetration testing, and manage vulnerabilities. Additionally, you will create and enhance tools for both static and dynamic testing of the platform and support secure development workflows. Being part of the broader Financial Scale organization, you will collaborate closely with teams in Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background and passion for penetration testing. You should have a proven track record of discovering vulnerabilities in intricate systems and developing exploits to illustrate their potential impact on the business. This role is highly collaborative and cross-functional, offering opportunities to work with various engineering teams across Brex. You should be excited about engaging with diverse backgrounds and roles. Ensuring world-class security is imperative for delivering world-class financial services.Brex is at the forefront of integrating AI into financial services, catering to dynamic and high-impact organizations like Coinbase, Robinhood, and Anthropic. This role presents a unique opportunity to influence the future of our AI-driven product suite.

About Pantheon Pantheon WebOps Platform empowers the open web, hosting over 300,000 sites in the cloud for esteemed clients like Google, Princeton, Salesloft, and Doctors Without Borders. Every day, countless developers and marketers design, iterate, and scale WordPress and Drupal websites, reaching billions of users worldwide. Pantheon’s multitenant, container-based platform allows organizations to manage all their websites seamlessly from a single dashboard. Renowned companies, including Clorox and the United Nations, achieve remarkable results through accelerated development and real-time publishing utilizing Pantheon’s collaborative workflows. The Role As part of Pantheon’s Security Engineering team, you will play a crucial role in protecting, auditing, and testing the security of our comprehensive platform. We are dedicated to implementing a robust and multi-faceted approach to application security, emphasizing Security by Design within agile software development and cloud-native environments. We are on the lookout for a motivated and experienced application security engineer to join our expanding team. The Staff Security Engineer will hold a pivotal strategic and technical position within the Application Security team. Our mission is to ensure the security, audit, and testing of the entire cloud hosting platform across several core areas: Security by Design: Integrate “Security by Design” principles into agile software development and cloud-native frameworks. Support and Mentorship: Serve as Subject Matter Experts (SMEs), providing mentorship and guidance to enhance all security engineering initiatives organization-wide. Standard Setting: Establish, organize, and implement application security policies, processes, standards, and guidelines. Application Security Performance: Assist engineering teams in designing and constructing high-performing, secure applications by addressing security issues through risk-based methodologies. What You Will Do Policy Definition: Develop, document, and advocate for processes and practices that ensure a secure Software Development Life Cycle (SDLC). Security Culture: Be a key player in fostering a robust security culture within platform engineering teams. Proactive Security: Lead Threat Modeling initiatives as a fundamental aspect of the Secure by Design strategy. Secure Design Reviews: Conduct thorough Secure Code and Architecture Design assessments.

About League Established in 2014, League Inc. stands at the forefront of healthcare consumer experience (CX) platforms, leveraging cutting-edge artificial intelligence (AI) to connect with over 63 million individuals globally. Our platform enables payers, providers, and health partners to deliver engaging healthcare solutions that enhance health outcomes. With over $285 million in venture funding, League powers the digital experiences of some of healthcare's most reputable brands, including Highmark Health, Manulife, Medibank, and Shoppers Drug Mart.Position SummaryAs a Senior Staff Security Engineer, you will play a pivotal role in shaping the long-term security architecture and strategy for our platform and engineering organization. Our security engineering teams are vital in integrating security measures throughout the development lifecycle and managing vulnerabilities. We believe in a 'security by design' approach, creating or acquiring tools that seamlessly integrate into our platform, empowering engineers to consistently produce high-quality, secure code.Your responsibilities will extend beyond incremental improvements as you tackle significant and complex security challenges. You will design foundational security components, frameworks, and reference architectures, establishing a 'paved road' that minimizes the risk of insecure code deployment. This role is crucial in embedding security and compliance controls into the foundational fabric of League's technology.About the RoleArchitectural Leadership: Define and advocate for the long-term technical security roadmap, architectural patterns, and standards across League's applications, infrastructure, and multi-cloud environments.Cross-Functional Strategy: Serve as the primary security technical advisor to platform, product, and executive leadership, aligning on multi-quarter security initiatives.Security Design Governance: Lead high-stakes, complex security design initiatives to ensure best practices are followed.

Job SummaryAs the Senior Application & Cloud Security Engineer, you will be a pivotal member of the Technology team at Create Music Group, directly reporting to the VP of Data Engineering. This position is instrumental in safeguarding our application portfolio and multi-cloud infrastructure (AWS & GCP). You will work hands-on to enhance the security of Label Engine (PHP/Laravel on AWS, processing over $1B in royalties), fortify the expanding GCP-based CreateOS data and AI platform, and implement the company's extensive security roadmap, which encompasses identity management, endpoint protection, vulnerability management, incident response, and compliance.

As a Senior Cloud Application Security Engineer at Trulioo, work at the intersection of digital identity and security. This role focuses on protecting a platform used by organizations worldwide, helping to safeguard sensitive data and maintain trust in online interactions. Role overview Contribute to the security of cloud-based applications that support global identity verification. The team values collaboration and open communication, and each member plays a part in strengthening the platform’s defenses. The work directly impacts how businesses onboard customers, control costs, and reduce fraud risk. Work environment Based in Vancouver, Trulioo operates on a hybrid model, typically bringing employees together at a hub location three days a week. The company has earned recognition as a BC Top Employer for two consecutive years, reflecting a commitment to an inclusive and collaborative culture. What you will do Shape the security of a platform trusted by organizations globally Work alongside professionals dedicated to building trust online Advance technology that enables secure digital identity verification

Discover OktaAt Okta, we are revolutionizing identity management. Our mission is to enable individuals to securely utilize any technology, anytime, on any device or application. Through our versatile Okta Platform and Auth0 Platform, we deliver secure access, authentication, and automation, placing identity at the forefront of business security and growth.We value diverse perspectives and experiences at Okta. We're not just seeking candidates who meet every requirement; instead, we are looking for lifelong learners who can enrich our team with their unique insights.Join us in creating a world where identity is in your hands.The TeamOur Workforce Identity Cloud Security Engineering group is at the cutting edge of innovation, turning visionary ideas into top-notch security software solutions that support large-scale, mission-critical applications. Our security engineering team possesses a unique skill set that merges security expertise with the ability to design, implement, and deploy security features seamlessly, enhancing product functionality without hindrance. We are committed to elevating customer safety and privacy through robust security services integrated with the Okta core product.The RoleWe are in search of a seasoned and enthusiastic Staff Software Security Engineer to join our Workforce Identity Cloud Security Engineering group. This role focuses on architecting and developing security solutions that strengthen our frameworks and infrastructure. You will be encouraged to implement defense-in-depth strategies, adhere to industry security standards, and uphold the principle of least privilege, thereby enhancing our security posture.This high-impact position is set within a security-focused, dynamic organization that is on the brink of significant growth and achievement. You will serve as a key liaison between the Security and Engineering teams, forging technical synergies and shaping the security roadmap. Your efforts will concentrate on enhancing security and privacy aspects across our services, executing on a weekly release schedule. You will have the autonomy to propose exciting new projects for our roadmap and engage in initiatives utilizing cutting-edge technologies. Join us and contribute to transforming the cloud computing landscape.What You Will DoCollaborate with engineering and security teams to define innovative security roadmap requirements.Advocate security best practices and promote secure coding methodologies.

At BeyondTrust, we empower our employees to make a meaningful impact through their work, enhancing the security landscape with our innovative cybersecurity SaaS solutions. Our culture fosters flexibility, trust, and continuous learning, ensuring that your achievements are recognized and your contributions play a vital role in our collective success. You'll be part of a team that challenges, supports, and motivates you to reach your full potential. Your Role As a Staff Security Researcher, you will be at the forefront of advancing our identity security platform. By merging state-of-the-art security research with strong engineering methodologies, you will transform groundbreaking research into operational systems that safeguard our clients against intricate identity-based threats. This position offers a unique chance to influence the future of identity security through innovative research, scalable engineering solutions, and thought leadership within the cybersecurity community. For insights into our recent projects, visit our page on X: https://x.com/btphantomlabs. This will help you assess our mutual fit.

Workleap, a Montreal-based tech company, creates products that simplify work for HR and IT teams. Since 2006, the company has launched solutions such as the Workleap Platform, an AI-powered HR tool for team performance and engagement, and ShareGate, a Microsoft 365 migration and governance tool. Over 20,000 companies rely on Workleap’s products. Role overview The Application Security Manager joins the AI-SDLC team, which develops internal platforms and tools for supporting AI agents throughout the software development lifecycle. This is a remote position based in Canada. What you will do Embed security practices and features directly into Workleap’s products, development pipelines, and workflows Work hands-on with code and build security tools Collaborate closely with developers to ensure security is integrated at every stage of product development Focus areas Ensure security features are present from the start across all tools, pipelines, and agent workflows Promote secure-by-default product development at scale

ShareGate is seeking an Application Security Manager to strengthen the security of its software applications. This position is fully remote and open to candidates based anywhere in Canada. What you will do Design and implement security strategies that protect applications from threats and vulnerabilities. Collaborate with teams across the company to integrate security practices into every stage of the software development lifecycle. Lead security-focused projects and encourage a strong culture of security awareness. Support efforts to meet relevant industry compliance standards. Requirements Demonstrated experience in application security. Strong leadership abilities and a proactive mindset when addressing security issues. Skilled at working with both technical and non-technical teams.

The Application Modernization Platform (AMP) team is addressing one of the industry's most pivotal challenges: harnessing Generative AI to evolve rigid, legacy applications into dynamic, microservices-based architectures powered by MongoDB. We are developing a sophisticated, SaaS-like platform that integrates both the 'brain' (multi-agent reasoning and orchestration) and the 'hands' (deployment platform and modernization toolkit). This solution necessitates a solid platform foundation and infrastructure designed for a 'build once, run anywhere' model, guaranteeing seamless functionality regardless of a client's security or network constraints. A major challenge lies in fine-tuning our tools for each customer's distinct tech stack and restrictive environments while ensuring they remain easily extensible and scalable for widespread application modernization challenges. We are searching for an engineering leader for this high-visibility project. This role involves defining the overarching strategy and technical direction across all AMP engineering pillars, leading the deployment of solutions to complex application modernization challenges, and delivering an enterprise-grade product. The leader will strive to minimize deployment friction, adhere to customer compliance requirements, and shape the future of how global enterprises utilize Generative AI. The ideal candidate is a hands-on technical leader adept at leveraging Generative AI capabilities, architecting complex distributed systems, and designing the orchestration agents necessary to reliably and fluidly manage the entire software development lifecycle. This position will be based on North America's West Coast (PST) and offers a hybrid working model.

About FaireFaire is a dynamic online wholesale marketplace driven by the belief that the future lies in local commerce. Independent retailers worldwide are achieving greater revenue than giants like Walmart and Amazon combined, yet remain relatively small in stature. At Faire, we harness the power of technology, data, and machine learning to connect this vibrant community of entrepreneurs around the globe. Imagine your favorite local boutique—we empower them to discover the finest products globally to stock their shelves. With the right tools and insights, we aim to level the playing field, enabling small businesses everywhere to compete against large box stores and e-commerce behemoths.By championing the growth of independent enterprises, Faire fosters positive economic impacts within local communities on a global scale. We are on the lookout for intelligent, resourceful, and passionate individuals to join us as we drive the shop-local movement. If you believe in the power of community, we invite you to be a part of ours.Role Description:Our Engineering organization is the backbone of our marketplace, responsible for the software that enables it to function seamlessly. The Product Security team empowers product engineering teams to create and deploy secure software solutions. We prioritize best engineering practices, striving to deliver software that is secure, thoroughly tested, easy to maintain, and capable of scaling to millions of users. We develop scalable, reusable frameworks, consult with product teams, leverage data-driven insights, and continually iterate on our practices.As a Senior Staff Software Engineer in Product Security, you will take on the role of technical lead for the Product Security domain. You will establish the long-term technical vision for integrating security within Faire’s application framework. Collaborating closely with Platform and Product Engineering teams, you will identify and mitigate security vulnerabilities, spearhead significant security initiatives, and mentor engineers across the organization to enhance secure engineering practices.Additionally, you will lead cross-functional programs to embed security deeply within our architecture, pipelines, and developer experience, effectively minimizing risk while maintaining development velocity.In this role, you will:Define the long-term technical strategy for application security at Faire, establishing scalable and developer-friendly frameworks and principles that facilitate secure development across all product areas.

Join Mozilla: Shape the Future of the InternetAt Mozilla Corporation, a non-profit-backed technology leader for over 25 years, we are dedicated to improving the internet experience for users worldwide. Home to innovative products like Firefox, our mission revolves around creating a web that prioritizes user privacy and security. With over 225 million monthly users, we are at the forefront of technology advancement in areas such as artificial intelligence, social media, and security, committed to building an internet that serves people, not corporations.As a wholly owned subsidiary of the Mozilla Foundation, we focus on our mission without the influence of shareholders. Together with a global community of contributors and collaborators, we design, build, and distribute open-source software, empowering individuals to navigate the internet on their terms.About the Role:We are seeking a dedicated Incident Responder to join our dynamic team, responsible for monitoring and mitigating security threats across Mozilla’s products and services. This role requires extensive practical security experience and an in-depth understanding of modern attack detection and response techniques. You will be a trusted resource for Mozillians company-wide, providing swift and effective incident response while collaborating with diverse stakeholders. As a vital member of our team, you will help safeguard the integrity of Mozilla’s offerings and ensure the safety of our users in our pursuit of a more secure internet.Key Responsibilities:Monitor and respond to security incidents globally.Serve as incident commander, guiding incidents through the entire response lifecycle.Develop and maintain a suite of security alerts, automated responses, playbooks, and escalation workflows, supporting our 24/7 incident response capabilities.

Discover OktaAt Okta, we are recognized as the world leader in identity management. Our mission is to empower individuals to securely access any application or service across any platform and device. With our innovative solutions, including the Okta Platform and Auth0 Platform, we put identity at the forefront of business security and operational growth.We value diverse perspectives and experiences, fostering an inclusive environment. We are not just looking for candidates who meet every qualification; we seek lifelong learners who can enrich our team with their unique insights.Become a part of our mission! We’re creating a future where identity is truly in your hands.As a Staff Engineer in Okta’s Defensive Cyber Engineering team, you will play a crucial role in securing Okta’s infrastructure. Collaborating closely with Security, Business Technology Engineering, and Product teams, you will design, implement, and manage security solutions that safeguard our workforce, endpoints, and corporate assets.To thrive in this role, you must possess a strong commitment to integrating tools and people to tackle complex security challenges. This requires an engineering-driven mindset, emphasizing the optimization of existing security tools while strategically developing or acquiring new solutions to address any outstanding security vulnerabilities.Your enterprise security expertise, combined with practical engineering skills, will enable you to leverage automation, policy-as-code, and cloud-native technologies to create robust, scalable, and secure solutions. Your contributions will set the standard for security best practices across the organization and will significantly influence the architecture of critical business systems.

Extreme Networks serves over 50,000 customers worldwide with cloud-based networking solutions. The company supports organizations as they update their networks for digital transformation and business growth. Role overview The Senior Staff Software Applications Engineer position is a full-time role located in Thornhill, Toronto, Canada. This role reports directly to the Senior Manager of Applications Engineering. Application process Applications are reviewed as they are received and will be considered until the position is filled. Legal authorization to work in Canada is required.

Empower Every Identity, from AI to HumanityAt Okta, we believe identity is the gateway to unlocking the full potential of AI. Our mission is to secure AI by establishing a trusted and neutral infrastructure that enables organizations to safely navigate this transformative era. We seek passionate builders and proactive problem solvers who thrive in a fast-paced environment and are committed to excellence.This is your chance to engage in career-defining work. If you share our mission, we want to hear from you!The Okta Security team is dedicated to reinforcing Okta’s role as the premier Identity-as-a-Service provider by identifying and mitigating risks to our employees, products, and most importantly, our customers.As part of the Security Trust & Culture team, we focus on bolstering customer confidence in Okta’s identity services. We collaborate closely with Okta’s go-to-market teams, serving as a key resource. The Customer Assurance team acts as the central repository for security information, offering extensive guidance and resources to enable our customers to effectively manage their risks.As a Staff Security Analyst in Customer Assurance, you will prioritize and respond efficiently to inquiries regarding our security program and related due diligence requests. You will serve as an essential link between our customers and internal engineering teams, ensuring clear communication regarding Okta’s security posture. Your responsibilities will include training local sales teams, managing complex escalations, and driving technological innovations to globally enhance Customer Assurance efforts.This role demands a unique skill set: the ability to analyze technical issues, communicate security-related topics effectively to both internal and external stakeholders, collaborate with internal business units for timely project execution, and present information to upper management as necessary. The ideal candidate will possess experience in SaaS cloud security risk assessment and a robust understanding of identity management core principles. If you aspire to make a significant impact on the security program of a leading global cloud provider, we invite you to join us.

As a Staff Product Security Engineer at Affirm, you will play a critical role in safeguarding our products and systems by identifying vulnerabilities and implementing effective security measures. Your expertise will help shape our security strategies, ensuring that we maintain the highest standards of security throughout the product lifecycle.You will collaborate closely with cross-functional teams, providing guidance on security best practices and conducting threat assessments. Your work will directly impact the security posture of our products and the trust of our customers.

Who are we?At Cohere, our mission is to harness the power of intelligence for the benefit of humanity. We specialize in training and deploying cutting-edge models for developers and enterprises, enabling them to create innovative AI systems that deliver extraordinary experiences in content generation, semantic search, retrieval-augmented generation (RAG), and intelligent agents. Our endeavors are pivotal in accelerating the global adoption of AI technologies.We are dedicated to excellence in our craft. Each team member plays an essential role in enhancing the capabilities of our models and the value they provide to our clients. Our culture is built on hard work, rapid iteration, and a relentless focus on what is best for our customers.Cohere is comprised of a diverse team of researchers, engineers, designers, and more—each a leader in their field. We believe that diverse perspectives are crucial for creating exceptional products.Join us in our quest to shape the future of AI!About the RoleAre you passionate about secure software engineering? Do you aspire to be at the forefront of AI innovation and security? Our North team at Cohere is on the lookout for a Senior Software Engineer focusing on security to join us in our mission and make a substantial impact. This is not merely an advisory position; you will take ownership of and deliver production-level security features that our clients rely upon daily.Your Role:As a Senior Software Engineer with a specialization in security, your contributions will be vital in architecting and securing North's infrastructure. Your responsibilities will encompass:Software Development: Actively participate in the core development of security features like OIDC/OAuth flows and session management, ensuring the security of North's AI agents.Secure Coding: Write robust code to manage OIDC tokens, user claims, and sensitive information, following best practices for JWT validation and encryption.Authentication and Data Protection: Implement authentication protocols, including user login, token management, and authorization checks to safeguard data integrity.Tool Integration: Integrate new security tools to enhance North's capabilities.DevSecOps: Design and execute secret management in Kubernetes clusters, focusing on encryption and role-based access control (RBAC).Cross-functional Collaboration: Utilize strong communication skills to convey security best practices to stakeholders clearly and effectively.You may be a great fit if:You have 5+ years of experience in building secure software applications.You possess a deep understanding of security protocols and practices.You are proficient in coding languages and frameworks relevant to security development.You have a track record of successful collaboration in cross-functional teams.