Application Security Engineer
Hippo Insurance
San Jose, United States of America
11 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
Senior Compensation
$ 226KJob location
Remote
San Jose, United States of America
Tech stack
Kubernetes Security
API
Artificial Intelligence
Software System Penetration Testing
User Authentication
Continuous Integration
Distributed Systems
Multi-Factor Authentication
OAuth
OpenID
JSON Web Token
Security Assertion Markup Language (SAML)
Security Software
Data Streaming
Systems Integration
Web Applications
Cloud Platform System
Large Language Models
Software Security
Cyber Threat Analysis
GWAPT
Kubernetes
Static Application Security Testing
Programming Languages
Dynamic Application Security Testing
Job description
- Reports To: Sr. Manager, Cybersecurity
- The Senior Application Security Engineer is a senior individual contributor responsible for driving application security outcomes across Hippo's engineering organization
- This role serves as a trusted subject matter expert in application security, providing deep technical guidance and influencing secure design decisions across multiple teams, products, and services
- This position is application-security-first, with intentional overlap into cloud and platform security where application code, identity, CI/CD pipelines, and infrastructure intersect
- While the role does not own infrastructure, security programs, or formal departmental priorities, it is accountable for identifying application-centric risks and guiding high-impact security decisions through expertise, partnership, and advisory influence
- Operating with significant autonomy, the Senior Application Security Engineer independently owns complex and ambiguous security challenges end-to-end, ensuring outcomes align with business objectives and risk tolerance
- This role emphasizes technical leadership, cross-functional collaboration, and mentorship rather than people management
- Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks
- Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services
- Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments
- Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact
- Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience
- Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance
- Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance
- Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection)
- Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale
- Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction
Requirements
- You are a seasoned application security professional with deep technical expertise and strong judgment, trusted to guide complex security decisions in high-impact environments
- You think adversarially, understand modern application architectures, and can clearly articulate risk tradeoffs to engineering, product, and security leadership
- You are comfortable operating independently in ambiguous situations, influencing outcomes through credibility and collaboration rather than formal authority
- You communicate clearly, mentor others naturally, and help elevate application security maturity across teams by embedding secure design principles into everyday engineering practices
- Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA)
- Proficiency in one or more modern programming languages
- Proven ability to review system designs, data flows, and identify architectural security risks
- Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection)
- Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective
- 6+ years of experience in application security or product security roles
- Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains
- Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms
- Experience threat modeling or assessing AI-powered features and LLM integrations
- Application-focused penetration testing or adversarial security testing experience
- Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security
- Relevant security certifications (e.g., OSWE, GWAPT, CSSLP)
- Experience operating in regulated environments
Benefits & conditions
- Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer covered dental & vision plans for our team members and their families. We also offer a 401(k) retirement plan, short & long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP)
- Training and Career Growth - Training and internal career growth opportunities
- Flexible Time Off - You know when and how you should recharge
- Little Hippos Program - We offer 12 weeks of parental leave for primary and secondary caregivers
- Hippo Habitat - Downtown Austin, a 5-minute walk from the train station. Snacks and drinks available and catered lunches for onsite employees
- Equity