Staff Application Security Engineer

At NerdWallet, our mission is to empower individuals to make informed financial decisions. We foster an inclusive, flexible, and transparent culture where you are encouraged to grow, take calculated risks, and be your authentic self (cape optional). Whether you prefer working remotely or in-office, we are committed to supporting your optimal work style. We prioritize your well-being, professional growth, and your ability to create a meaningful impact because when one Nerd succeeds, we all succeed.We are on the lookout for a talented Security Engineer II to become a part of our Application Security team. This team plays a critical role in our mission by ensuring that the products and services we develop protect our users' data and trust.In this position, you will closely collaborate with engineering teams across the organization to mitigate security risks throughout the software development lifecycle. You will participate in initiatives aimed at enhancing NerdWallet's security posture by refining tools, workflows, and standards that enable engineers to create secure software while ensuring a positive developer experience.This role is perfect for someone who thrives on solving security challenges collaboratively, building scalable solutions, and assisting engineers in embedding security practices into their daily work. You will have the chance to deepen your application security knowledge while making significant contributions to our evolving security program.You will report to a Business Information Security Officer.If you were here 6 months ago, here are some things you might have worked on:Developed and launched a dashboard for on-call activities for the team.Assisted in triaging and responding to security findings and alerts generated by application security tools.Conducted a penetration test of an external system and participated in red team exercises.Worked alongside engineers to remediate vulnerabilities and enhance secure coding practices.Contributed to automation or tooling that enhances visibility into application security risks.Where you can make an impact:Help expand NerdWallet’s application security program through automation, tooling, and enabling developers.Collaborate with engineering and product teams to identify and address security gaps across various systems while balancing business priorities.Create tools, processes, and automation that facilitate secure software development.

About Our TeamAt OpenAI, security is a core pillar of our commitment to ensuring that artificial general intelligence is beneficial to all of humanity. Our Security team plays a crucial role in safeguarding OpenAI’s technology, personnel, and products. We focus on creating effective technical solutions while maintaining operational excellence. Our guiding principles include prioritizing impactful actions, empowering researchers, preparing for transformative technologies, and fostering a robust security culture.About the RoleAs a Security Engineer specializing in Application Security, you will be at the forefront of identifying and addressing security vulnerabilities within our software applications. Your expertise will be applied through building innovative security tools, conducting code reviews, performing penetration testing, and executing thorough security assessments.We are seeking proactive individuals who can collaborate closely with development teams to ensure the integration of secure coding practices throughout the software development lifecycle. Your role will also encompass providing security guidance to developers and stakeholders, thereby enhancing the overall security awareness across the organization.This position is ideally based in San Francisco, Seattle, or New York City, but remote work options will be considered. Our hybrid work model includes three days in-office each week, along with relocation assistance available for new hires.Key Responsibilities:Conduct Security Assessments: Regularly perform security assessments, code reviews, and penetration tests to uncover vulnerabilities in applications.Develop Security Tools: Design and implement security tools, frameworks, and methodologies to shield applications from potential threats.Collaborate with Development Teams: Partner with development teams to ensure best security practices are embedded in the software development lifecycle, including secure coding standards.Threat Modeling and Risk Management: Engage in threat modeling and risk assessments to identify potential risks early and formulate effective mitigation strategies.Manage Vulnerabilities: Track, analyze, and oversee vulnerabilities in applications, providing guidance and support for remediation efforts.Incident Response: Participate in incident response efforts as necessary, ensuring swift action is taken to mitigate security incidents.

About the Role mercor is hiring a Security Engineer focused on Application Security in San Francisco or New York City. This role centers on protecting company applications from threats and vulnerabilities. The Security Engineer works closely with teams across the company to strengthen security practices and improve the overall security of our software. What You Will Do Work with engineers and other teams to apply security best practices throughout the development lifecycle Perform detailed security assessments of applications Identify and address new and existing security risks Help improve the security posture of mercor’s applications

About the Role mercor is hiring an Application Security Engineer in San Francisco. This role focuses on protecting our applications by applying proactive security practices and conducting detailed assessments. The work centers on finding vulnerabilities and putting strong security protocols in place to keep our products secure and dependable.

Why Join Brex?Brex is an innovative AI-driven spend management platform designed to empower businesses to manage expenses with confidence. We provide integrated corporate cards, banking solutions, and global payment options, alongside intuitive software for travel and expense management. From startups to large enterprises, clients like DoorDash, Flexport, and Compass leverage Brex to optimize spending, lower costs, and enhance efficiency worldwide.Joining Brex means embracing challenges, pushing boundaries, and collaborating with industry leaders. We are dedicated to fostering a diverse and inclusive culture where your potential is only limited by your aspirations. We equip you with the necessary tools, resources, and support to advance your career.Engineering at BrexOur engineering culture focuses on building scalable systems with intention and speed. Our teams, spanning Software, Data, Security, and IT, work with high autonomy and deep collaboration. We confront challenging technical problems, take ownership of outcomes, and strive for excellence across all levels—from architecture to deployment. Here, engineering is regarded as a craft, and builders evolve into leaders.Your RoleAs a Senior Application Security Engineer, you will be pivotal in identifying and addressing security vulnerabilities within the Brex platform. Your responsibilities will include conducting code and design reviews, penetration testing, and managing vulnerabilities. You will also develop and maintain tools for static and dynamic testing of the platform, ensuring secure developer workflows. You will collaborate closely with teams across Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background in penetration testing and a proven track record of uncovering vulnerabilities in complex systems. Your ability to craft exploits that highlight business risk will be essential. This role demands a collaborative spirit, as you will engage with various engineering teams throughout Brex. Your enthusiasm for diverse perspectives and needs is crucial as we build world-class financial services with top-tier security.Brex is at the forefront of AI-driven financial services for dynamic companies such as Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will have the chance to significantly influence our approach.

At Discord, we connect over 200 million users every month through our platform, primarily for one exhilarating reason: gaming. With more than 90% of our community engaged in gaming, they collectively spend an astounding 1.5 billion hours indulging in thousands of unique titles on Discord each month. Our commitment is to enhance the gaming experience, making it more enjoyable for everyone to communicate and socialize before, during, and after gameplay.Your RoleLead a talented team of security engineers to develop and implement robust application security tools and services, conduct secure design reviews, and perform threat modeling, while providing expert guidance on secure development practices at Discord.Ensure the security of our code and development processes from the Integrated Development Environment (IDE) through to production.Enhance the detection and remediation of security vulnerabilities at scale.Collaborate with various Discord teams to minimize security risks for our users while proactively identifying and addressing security bugs prior to production deployment.Partner with Discord’s product engineering and management teams to advocate for innovative security features that enhance user protection.

Join Chime as a Senior Application Security Engineer and play a pivotal role in safeguarding our applications and systems from security threats. In this fully remote position, you will collaborate with cross-functional teams to implement security best practices, conduct code reviews, and ensure compliance with industry standards.Your expertise will help shape our security posture as you design and execute vulnerability assessments and penetration tests. If you are passionate about security and want to make a meaningful impact, we want to hear from you!

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

Join dstaff as a Web Application Security Engineer and become a key player in fortifying our digital infrastructure. In this role, you will be responsible for identifying and mitigating security vulnerabilities in our web applications, ensuring the integrity and confidentiality of our data.You will collaborate with cross-functional teams to integrate security practices into our development lifecycle and implement robust security measures. Your expertise will help us stay ahead of potential threats and safeguard our users' information.

WHO WE ARE Zeta Global (NYSE: ZETA) is a cutting-edge AI-Powered Marketing Cloud that utilizes advanced artificial intelligence and vast consumer insights to enhance the efficiency with which marketers acquire, nurture, and retain customers. Our mission, through the Zeta Marketing Platform (ZMP), is to simplify sophisticated marketing by integrating identity, intelligence, and omnichannel activation into a single, powerful platform—backed by one of the industry's largest proprietary databases and AI technology. We empower our enterprise clients across diverse sectors to create personalized consumer experiences, driving superior outcomes for their marketing strategies. Founded in 2007 by David A. Steinberg and John Sculley, Zeta Global is headquartered in New York City, with a global presence. Discover more at www.zetaglobal.com. About the Role We are seeking a highly experienced Staff Application Security Engineer to spearhead our application and platform security efforts. You will be tasked with embedding robust security measures throughout the development lifecycle—from threat modeling to deployment—ensuring that secure-by-design principles are consistently upheld. Operating at a significant scale, Zeta supports billions of consumer profiles and handles petabytes of data within our real-time, AI-driven marketing frameworks. In this pivotal role, you will safeguard our high-performance systems by promoting best practices, assessing emerging threats, and enabling cross-functional teams to develop secure and reliable applications. This high-impact position offers significant visibility across engineering, product, and executive leadership teams. Key Responsibilities Threat Modeling & Security Validation Lead threat modeling and security architecture reviews for distributed, event-driven systems. Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines. Coordinate and oversee incident simulations specific to AI systems; manage red/blue team exercises to validate our defensive posture. Conduct security evaluations of third-party vendors and tools to ensure compliance with our security standards.

Join our dynamic Application Security team at Anthropic, where your mission will be to integrate robust security practices throughout every stage of our software development lifecycle. In this pivotal hands-on role, you will work alongside our innovative software engineers and researchers, ensuring security remains a fundamental focus from design inception to deployment. You will lead initiatives in threat modeling and secure design reviews, proactively identifying and mitigating risks, and enhancing our continuous risk assessment processes. Your expertise will contribute to developing tools and systems that empower our developers to ship secure code while adhering to best practices. By shaping our security tools, detection capabilities, and defenses against emerging threats, you will play a crucial role in fostering a culture of security among our engineers, helping them become champions of secure coding. This is a high-impact role that requires a security-savvy professional who possesses a developer's mindset and can build collaborative relationships.

Harness is a pioneering AI Software Delivery Platform company, founded by the visionary technologist and entrepreneur Jyoti Bansal, the mind behind AppDynamics, which was acquired by Cisco for an astounding $3.7 billion. With approximately $570 million in funding and a current valuation of $5.5 billion, Harness is supported by prominent investors such as Goldman Sachs, Menlo Ventures, IVP, Unusual Ventures, and Citi Ventures. In an era where AI is rapidly transforming code creation, the true challenge lies in the subsequent stages: testing, deployments, application security, reliability, compliance, and cost optimization. Harness addresses this challenge by integrating AI and automation into the software delivery lifecycle, allowing teams to deliver software more quickly while ensuring robust security and governance throughout all stages.Utilizing Harness AI and the Software Delivery Knowledge Graph, our platform injects deep context and intelligent automation into every aspect of the software delivery process, embedding governance and policy-driven controls throughout.In the past year alone, Harness has facilitated over 185 million deployments, 82 million builds, 18 trillion flag evaluations, 8 million security scans, and optimized 9.1 billion tests, while safeguarding 3 trillion API calls and managing $2.8 billion in cloud expenditure. This has empowered esteemed clients like United Airlines, Morningstar, and Choice Hotels to enhance release speeds by up to 75%, cut cloud expenses by as much as 60%, and achieve a tenfold increase in DevOps efficiency.With a diverse global team operating across 14 offices in 25 countries, Harness is at the forefront of the future of AI-driven software delivery and is eager to attract exceptional talent to propel us forward.

Join Lightning AI as a Senior Application Security Engineer specializing in the realms of Artificial Intelligence and Machine Learning. In this pivotal role, you'll be responsible for enhancing our application security posture across our innovative platforms. Collaborate with a team of talented engineers to identify vulnerabilities, implement security best practices, and ensure our AI-driven solutions remain robust and secure.

About Us:At Notion, we empower individuals and teams to create beautiful, efficient tools tailored to their work. In an era where countless apps and tabs can overwhelm, Notion stands out by offering a unified space for collaboration. Our platform seamlessly integrates documentation, notes, projects, calendars, and emails—all enhanced with AI capabilities for streamlined workflows and insights. Our users, ranging from individuals to industry leaders like Toyota, Figma, and OpenAI, appreciate Notion's versatility, choosing us to save time and resources.We believe that in-person collaboration is vital to our culture. All team members are expected to work from our offices on designated Anchor Days—Mondays, Tuesdays, and Thursdays—though certain roles may require additional in-office days.About the Role:With millions of users and a continuously growing community, Notion is committed to providing a secure and reliable experience. As an Application Security Engineer, you will play a pivotal role in fortifying this trust while helping us innovate and expand our offerings. Your expertise will be essential in ensuring that our flexible and powerful application meets the security needs of thousands of businesses worldwide, safeguarding their data and that of their customers.We are seeking passionate security engineers dedicated to simplifying secure coding practices for developers. In this role, you will act as a consultant, advocate, and builder, focusing on preventing and addressing software vulnerabilities across Notion's product suite.What You'll Achieve:Contribute significantly to defining the direction and objectives of Notion’s Application Security team.Facilitate secure development by providing design guidance and developing solutions to eliminate vulnerabilities.Establish static and dynamic analysis rules to identify weaknesses within our codebase.Educate developers on security and privacy best practices to prevent vulnerabilities during development.Lead and participate in strategies to mitigate AppSec-related incidents.Develop and maintain tools that proactively prevent vulnerabilities or automate remediation.

Join Binti as a Staff/Principal Application Security Engineer and play a pivotal role in safeguarding our innovative platforms. In this position, you will leverage your extensive security expertise to identify vulnerabilities, implement robust security practices, and collaborate with cross-functional teams to enhance our application security posture. Your contributions will ensure the security and integrity of our software solutions as we strive to revolutionize how families connect with adoption services.

Perplexity is on the lookout for an exceptional and proactive Application Security Engineer to enhance our innovative security team. Join us in transforming how individuals search and engage with the internet. You will be instrumental in developing systems, tools, and processes that seamlessly integrate security for developers, fostering rapid innovation while safeguarding our users on a large scale.Key ResponsibilitiesDesign and deploy scalable, developer-friendly security solutions that seamlessly incorporate into engineering workflows.Lead threat modeling exercises, design evaluations, and code assessments for new features and significant product launches.Develop and enhance secure-by-default frameworks for authentication, authorization, input validation, and secrets management.Create and integrate automated security tools within CI/CD pipelines (including linters, dependency scanners, and policy enforcement).Collaborate with product and engineering teams to address vulnerabilities and contribute to incident response and postmortems.Oversee, manage, and enhance our third-party penetration testing engagements and bug bounty program, working closely with external security researchers to detect and fix vulnerabilities.Stay updated on prevalent threats and attack strategies, driving the continuous improvement of our application security posture.

Join Our TeamFieldwire is actively seeking a talented and seasoned Director of Information Security to enhance our team. As a premier provider of Construction Software solutions, we pride ourselves on delivering top-notch security measures. This pivotal role is classified as Line of Defense 1, where you will spearhead the definition, ownership, and execution of our product security program, ensuring adherence to legal standards and regulatory frameworks. Ideal candidates will possess strategic thinking abilities, exceptional communication skills, and extensive expertise in product security protocols, technologies, and standards.Your ResponsibilitiesServe as the Product Business Information Security Officer for Fieldwire.Design, own, and execute a comprehensive product security enhancement plan.Evaluate and identify product security risks and vulnerabilities.Collaborate with management to embed security measures into our software products and business workflows.Provide security incident reports and mitigation strategies to management.Assist the Head of Construction Software Security & GRC in various cybersecurity initiatives.Engage closely with other Information Security Officers within Hilti, the Group CISO.Analyze evolving regulatory and legal changes (e.g., NIST, CRA, NIS2, EU AI data act), translating them into actionable requirements and overseeing their implementation.Independently manage projects pertaining to information and product security, from conception to implementation.Oversee specific security areas such as Cloud & AI Security or technical risk assessments within Fieldwire.Contribute to the ongoing enhancement of security architecture, ICS, and ICT & cyber risk management for Fieldwire.Maintain Fieldwire's SOC2 certification and support the Group's ISO27001 certification.Coordinate internal and external audits related to information and product security, ensuring the execution of resulting recommendations.

Join Pinterest as a Security Software Engineer II within our Corporate Security team. In this pivotal role, you will be responsible for developing and enhancing security solutions that protect our platform and its users. Your expertise will contribute to the implementation of innovative security measures while collaborating with cross-functional teams to ensure a secure environment.

About Cogent SecurityCogent Security is at the forefront of cybersecurity innovation, leveraging Applied AI to develop next-generation AI agents. In an era where cyber attacks evolve rapidly, our AI Taskforce analyzes vast amounts of enterprise data to proactively address vulnerabilities and prevent critical breaches.We combine pioneering research with practical execution, ensuring that our innovative solutions meet real-world challenges. Our Cogent Research division acts as our dedicated AI lab, driving the development of advanced security workflows.Since our emergence from stealth mode, we have rapidly grown, collaborating with Fortune 500 companies to secure complex production environments globally.Supported by Greylock, we have gathered a team of top talent from renowned institutions and leading organizations in the AI and cybersecurity sectors.About the RoleAs an Agent Engineer at Cogent Security, you will be pivotal in designing, building, and deploying critical AI agents tailored for complex client environments. Your role is highly cross-functional, involving direct collaboration with customers to understand their unique needs, adapting our platform accordingly, and iterating on scalable solutions to handle millions of real-world security events.You will manage projects from inception to deployment, including data onboarding and integrating feedback into our core agent platform. Your contributions will shape how AI agents detect threats, triage incidents, and automate security workflows for some of the most sophisticated organizations worldwide.This position is ideal for engineers who excel in dynamic environments, enjoy tackling complex technical challenges, and wish to see the tangible impact of their work.