Associate Application Security Engineer

What you'll do in your first 60 days:

• Assist with secure design and implementation reviews for new and existing features across web applications, APIs, and backend services.
• Monitor, triage, and help remediate findings from security tooling.
• Get familiar with our security technologies and processes
• Work with feature teams to understand exploitability, prioritize fixes, and track closure of vulnerabilities in alignment with internal SLAs.
• Implement an enterprise security control and configure it for long-term observability.

Success at 6-12 months looks like:

• You're assisting in applying key application security processes
• You're helping shape technical direction for secure, AI-native, product-critical services handling sensitive data
• You're supporting evidence collection for compliance audits
• You've built strong partnerships with product, support, infrastructure, and IT to help identify and triage vulnerabilities and quickly resolve issues
• The security improvements you've implemented are measurably reducing risk
• You’re independently reviewing and triaging security alerts

How we work:

As a member of the team, you'll contribute to the development of secure patterns and tooling by identifying, triaging, and tracking vulnerabilities, while also independently reviewing security alerts and supporting our incident response process to ensure security events are resolved quickly and safely.

WHAT WE'RE LOOKING FOR

Essential:

• Experience securing web applications and APIs, including a strong grasp of common vulnerabilities (e.g., OWASP Top 10) and practical mitigations
• Hands-on experience with application security tooling (e.g., SAST, SCA, DAST, IaC/container scanning) and/or observability for security-relevant signals
• Ability to communicate complex security and technical problems clearly to both technical and non-technical audiences
• Exposure with secure SDLC practices such as threat modeling, security-focused design reviews, and vulnerability management
• Track record of delivering high-quality, pragmatic security outcomes in collaboration with product and engineering teams
• Enthusiasm and interest in technology in general and securing systems

Valued but not required:

• Exposure to building or securing systems with AI/LLMs (e.g., OpenAI, Anthropic)
• Familiarity with OAuth2/OIDC, SSO, secure API design, and multi-tenant SaaS architectures.
• Experience with coding languages such as Python and Java