Senior Application Security Engineer
Role details
Job location
Tech stack
Job description
This high-impact role blends advanced offensive security (penetration testing) with adversarial emulation, threat modeling, and AI security expertise. You will serve as a senior technical SME, proactively identifying and exploiting vulnerabilities in applications before adversaries can. You will use both best-of-breed AppSec tooling and frontier AI systems, while defining and driving the strategic direction of application security across our scaling, mission-driven organization.
This role is approximately 60-70% hands-on with AI-enabled advanced penetration testing, 20% strategic planning and reporting, and 10% attack surface mitigation and threat modeling. You will operate autonomously, drive solutions, and think outside the box in a high-touch, high-consciousness environment with senior stakeholder support.
This is not a people-management role, but a deeply technical, hands-on position for senior engineers who love offensive security and advanced penetration testing while influencing application security architecture and strategy at the highest level., * Perform advanced penetration testing and security assessments on AI-enabled applications and traditional systems, with heavy focus on breaking code rather than writing it.
- Lead application security strategy, including defining direction, applying and enhancing enterprise security standards, and conducting threat modeling on iterative designs and COTS applications.
- Critically evaluate system and solution attack surfaces, architectures, and implementations for vulnerabilities.
- Automate and enhance offensive security testing practices with a focus on Kubernetes environments, Linux systems, and AI-enabled CI/CD pipelines.
- Deliver strategic reporting and risk assessments to leadership, as well as actionable recommendations to engineering teams.
- Design and execute creative attacks with an adversarial lens to uncover vulnerabilities, injection attacks, supply chain and model poisoning, data leakage, and AI-specific risks.
- Collaborate cross-functionally to embed strong application security practices while staying current with emerging technology, cloud, and AI threats.
- Support go-to-market efforts for highly regulated environments.
Requirements
Do you have experience in Web Application Security Testing?, * U.S. citizenship and the ability to obtain a government clearance.
- 7+ years of experience in hands-on application security and penetration testing with recent focus on AI-enabled testing.
- Senior-level offensive security background with proven comfort breaking applications through advanced penetration testing.
- Certifications such as OSCP, GPEN, or similar advanced certifications (one or more).
- Strong expertise in OWASP Top 10 (Web and LLM variants), enterprise security standards, ISO 27001 series, and FedRAMP.
- Hands-on experience with commercial AppSec tools, including the Kali Linux and Burp Suite Professional tool kits.
- Experience with Kubernetes, Python, cloud security, and memory-safe language best practices.
- Demonstrated experience AI-enabled testing tools and technologies, using frontier AI capabilities (e.g. Anthropic Claude, xAI Grok).
- Proven ability to define and drive high-level application security strategy and plans.
- Excellent communication skills for reporting findings and influencing outcomes.
We're extra impressed by folks who have:
- Experience performing security testing and assessments across multiple products and platforms (rather than a single product or system)
- Prior experience testing in government or regulated environments
Benefits & conditions
Pulled from the full job description
- 401(k)
- Health insurance
- 401(k) matching
- Vision insurance
- Health savings account
- Dental insurance
- Unlimited paid time off