🛠 Tech Stack

💼 About This Role

You'll own application security at a company where the app layer is the highest-priority security surface. You'll embed in the development lifecycle, review code for exploitable flaws, build security tooling into CI/CD, and drive vulnerability remediation across a platform serving 300K+ experts. You'll use AI heavily in security work and work in-person five days a week.

🎯 What You'll Do

• Embed security review workflows in the SDLC
• Perform PR-level analysis for auth bugs, injection flaws, and logic errors
• Build SAST/DAST pipelines integrated into CI/CD
• Manage vulnerability prioritization based on real exploitability

📋 Requirements

• 5+ years professional experience in application security or related field
• Deep understanding of web application security (OWASP Top 10, attack chains, business logic flaws)
• Proficiency in Python, TypeScript, or Go
• Experience building or tuning SAST/DAST tooling (Semgrep, CodeQL, Snyk, Burp)

✨ Nice to Have

• Experience running or triaging a bug bounty program (HackerOne, Bugcrowd)
• Offensive security skills and penetration testing experience
• Experience securing AI/ML applications or supply chain security

🎁 Benefits & Perks

• 💰 Competitive compensation with equity
• 🏢 In-person collaboration in SF, NYC, or London offices
• 🛠️ Ownership of entire application security domain
• 🤖 AI-native tools for daily security work
• 🔭 Insider perspective on frontier AI models

📨 Hiring Process

Estimated timeline: 2-4 weeks · AI estimate

1. 1Recruiter Call· 30 min
2. 2Technical Screen· 60 min
3. 3On-site Interview· 4 hours