Security Engineer - Application Security

About the Role mercor is hiring a Security Engineer focused on Application Security in San Francisco or New York City. This role centers on protecting company applications from threats and vulnerabilities. The Security Engineer works closely with teams across the company to strengthen security practices and improve the overall security of our software. What …

We are seeking a highly skilled Senior Security Engineer to join our innovative team at Decagon in San Francisco. In this pivotal role, you will be responsible for safeguarding our digital infrastructure and ensuring the security of our systems against potential threats. You will work closely with cross-functional teams to design and implement security solutions, conduct risk assessments, and develop incident response strategies.As a Senior Security Engineer, you will have the opportunity to leverage your expertise in security protocols, threat detection, and vulnerability management to enhance our security posture. Your contributions will be essential in creating a secure environment for our operations and clients.

Join Scale AI as a highly skilled Security Engineer in our Product Security team, where you will play a pivotal role in safeguarding the security and integrity of our products and services. This position involves conducting comprehensive code reviews, implementing security best practices, and shaping our overarching security strategy. Your proficiency in TypeScript, Python, AWS, CI/CD, SAST, DAST, and Terraform orchestration will be vital in detecting and addressing potential security threats. You will have the opportunity to analyze complex issues, identify root causes independently, and articulate the complexities and implications of security vulnerabilities, including their potential for exploitation and impact. Your responsibilities will include:Utilizing extensive product security knowledge to design and maintain software tools that secure every layer of the modern AI/ML software ecosystem.Conducting thorough code reviews to identify and rectify security vulnerabilities.Assessing and improving the security of our product offerings through RFC and service evaluations.Establishing and sustaining CI/CD pipelines with a strong emphasis on security.Executing Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to uncover vulnerabilities in production code.Employing Terraform orchestration to maintain secure and efficient infrastructure management.Advising engineering teams on developing robust, long-term solutions that prioritize security and privacy.Clearly communicating the mechanics and significance of security vulnerabilities, including their exploitability and potential consequences.Contributing to the security strategy and direction of the team, advocating for best practices and ongoing enhancements. Ideal candidates will possess:A proven track record of independently driving multi-month security initiatives, from problem identification to execution, with minimal oversight.Significant experience as a Security Engineer with an emphasis on product security.Proficiency in NodeJS, TypeScript, Python, and/or Kubernetes.A strong grasp of modern JavaScript application design.Practical experience in operating and securing AWS infrastructure at scale.Hands-on experience with SAST and DAST tools and methodologies.Familiarity with Terraform orchestration for managing infrastructure.Capability to analyze complex problems and identify root causes independently, providing actionable insights without managerial input.Exceptional communication skills, enabling clear presentation of technical concepts to diverse audiences.

Join Hive as a Cybersecurity Engineer and play a pivotal role in fortifying our security infrastructure. We are seeking a proactive and skilled individual with a strong background in information security. In this role, you will be responsible for safeguarding sensitive company data, managing potential security incidents, and implementing robust security and data governance measures. You will collaborate across various teams to lead security operations, conduct risk assessments, respond to incidents, and maintain security projects. Our ideal candidate is passionate about AI and committed to enhancing our security framework to meet evolving challenges.

About the Role Hex Technologies is seeking a skilled Cloud Security Engineer to enhance our security team. In this pivotal role, you will be responsible for safeguarding our cloud infrastructure and ensuring its resilience. You will lead cloud security initiatives and work closely with infrastructure and engineering teams to protect our cloud-native applications. Key Responsibilities: Design, implement, and oversee security solutions and controls for AWS environments and Kubernetes clusters, ensuring effective isolation and sandboxing for Hex’s RCE-as-a-Service platform. Develop, deploy, and maintain infrastructure-as-code utilizing Terraform, while upholding stringent security standards. Perform comprehensive security assessments, threat modeling, and audits on AWS cloud infrastructure and Kubernetes deployments. Collaborate with development and operations teams to integrate security best practices into CI/CD pipelines. Monitor and respond to cloud security incidents, identify root causes, and propose remediation measures. Provide in-depth expertise on compliance requirements related to cloud security, including SOC 2, ISO 27001, GDPR, HIPAA, and PCI DSS. Mentor fellow engineers and advocate for cloud security initiatives throughout the organization. Qualifications: 5+ years of experience in cloud security engineering, particularly with AWS. Proven expertise in Kubernetes security, including cluster hardening, role-based access control (RBAC), network policies, and container vulnerability management. Expertise in Terraform with hands-on experience. Familiarity with AWS security services such as IAM, GuardDuty, Security Hub, CloudTrail, and WAF. Knowledge of CNAPP solutions like Wiz and SIEM solutions such as Panther. Strong understanding of secure software development lifecycle practices, CI/CD security, and DevSecOps methodologies. Relevant certifications such as AWS Certified Security – Specialty, Certified Kubernetes Security Specialist (CKS), and Terraform Associate certification are highly desirable. Additional security certifications from SANS or OffSec are a plus. Exceptional problem-solving, communication, and leadership skills.

About the Role mercor is hiring an Application Security Engineer in San Francisco. This role focuses on protecting our applications by applying proactive security practices and conducting detailed assessments. The work centers on finding vulnerabilities and putting strong security protocols in place to keep our products secure and dependable.

About UsAt Sierra, we are pioneering a transformative platform that enhances customer experiences through the power of AI. Our main office is located in San Francisco, with additional offices expanding across Atlanta, New York, London, France, Singapore, and Japan.Our culture is deeply rooted in our core values of Trust, Customer Obsession, Craftsmanship, Intensity, and Family. These principles guide our decisions and define how we collaborate and innovate together.Our co-founders, Bret Taylor and Clay Bavor, bring a wealth of expertise from their previous roles at leading tech companies. Bret has held positions such as co-CEO of Salesforce and CTO of Facebook, while Clay has led significant initiatives at Google, including Google Lens and Project Starline.Your RoleLead Security Initiatives. Take the helm in safeguarding our platform, focusing on application, cloud, network, and AI agent security through secure design assessments and threat modeling.Collaborate Across Teams. Work hand-in-hand with engineering, product management, and governance to weave security seamlessly into the software development lifecycle, clearly communicating risks and prioritizing resolutions.Drive Automation and Tool Integration. Enhance security efficiency by incorporating advanced tools into CI/CD processes, utilizing AI-driven solutions to automate security assessments and compliance checks.Enhance Security Posture. Regularly audit our cloud infrastructure, evaluate IAM configurations, and proactively address emerging security threats, contributing to strategic security initiatives and best practice development.Support Enterprise Clients. Articulate our security protocols to enterprise customers, addressing their concerns regarding data security in highly regulated sectors such as healthcare and finance.

OverviewIn the rapidly evolving landscape of software development, AI has revolutionized the way we build applications, but security has struggled to keep pace. Corridor is at the forefront of transforming product security, empowering developers to effectively secure their AI code.Our team is uniquely positioned at the intersection of AI and cybersecurity, having led security initiatives for some of the largest corporations globally, influenced U.S. cybersecurity policy, and contributed to AI research at Stanford.As we continue to expand, we are looking for a skilled Security Engineer to enhance the security posture of both our clients and our own systems. This highly technical role emphasizes collaboration with clients to implement secure coding practices, fortify Corridor's internal infrastructure, and support our compliance initiatives.This position reports directly to our Chief Product Officer/Chief Security Officer.What You'll DoEnhance Customer Security OutcomesEngage directly with clients to comprehend their codebases and assist them in establishing secure coding guardrails.Elevate Corridor's detection and remediation capabilities by integrating insights from real-world client environments.Collaborate with clients to showcase security value and measurable outcomes.Fortify Corridor's SystemsStrengthen Corridor's software and infrastructure through threat modeling, code reviews, and red teaming methodologies.Identify vulnerabilities and collaborate with engineering teams to ensure prompt remediation.Monitor production and IT systems, investigate anomalies, and respond effectively to incidents.Contribute to the development of security documentation, policies, and incident response protocols.Assist with ComplianceWork alongside the Chief Information Security Officer to meet compliance obligations including SOC 2, ISO 27001, and client security questionnaires.Aid in maintaining and enhancing Corridor's security posture as we scale.

Role Overview mercor is hiring a Cloud Infrastructure Security Engineer in San Francisco. This role focuses on protecting cloud systems, maintaining data integrity, and applying security protocols to guard against new threats. Collaboration with cross-functional teams is central to designing and maintaining secure cloud environments.

Are you ready to unlock your potential and tackle challenges that push your boundaries?At Coinbase, our mission is to empower economic freedom globally. This ambitious goal demands our best efforts as we construct the emerging on-chain platform that will shape the future of the global financial system.We are looking for an exceptional candidate who shares our passion for our mission and believes in the transformative power of cryptocurrency and blockchain technology to revolutionize the financial landscape. If you are eager to make a significant impact, thrive under pressure, and seek continuous feedback for personal growth, we want you on our team. You should be someone who embraces challenges and is committed to solving complex problems.Our work culture is dynamic and demanding, designed for those who aspire to excel alongside talented peers. If you are ready to build the future with like-minded individuals who hold high expectations for themselves and others, there is no better place than Coinbase.While many positions at Coinbase are remote-first, we are not remote-only. We prioritize in-person collaboration and conduct team and company-wide offsites multiple times a year to enhance teamwork, connection, and alignment. Attendance is encouraged and fully supported.At Coinbase, security is not merely a priority; it is the bedrock of our operations. In the rapidly evolving digital currency landscape, where trust is critical, security lapses can spell disaster. Hence, we have established security as a fundamental tenet of our mission, setting the benchmark for safeguarding millions of customers and billions in assets.As a Blockchain Security Engineer on the Decentralized Financial Security Team, you will collaborate closely with engineers, technical product managers, and senior leadership to design secure products from inception. Your responsibilities will include conducting security design reviews, threat modeling, vendor assessments, and secure code audits for new Coinbase products or features utilized by millions. You will engage with cutting-edge technology and provide insights into our current risk posture. Additionally, you will have the opportunity to lead and participate in cross-functional initiatives aimed at enhancing the security of all Coinbase offerings.

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

About LangChainLangChain is dedicated to making intelligent agents a common part of our daily lives. We provide the essential framework for agent engineering that enables developers to transition from experimental prototypes to production-ready AI agents that organizations can depend on. Having started as widely embraced open-source tools, we have evolved to also deliver a robust platform for the development, evaluation, deployment, and management of agents at scale.Our tools, including LangChain, LangGraph, LangSmith, and Agent Builder, are actively utilized by teams delivering tangible AI products across both startups and large corporations. Millions of developers rely on LangChain to empower AI teams at renowned companies such as Replit, Clay, Coinbase, Workday, Lyft, Cloudflare, Harvey, Rippling, Vanta, and 35% of the Fortune 500.With $125M raised in our Series B funding round from prominent investors including IVP, Sequoia, Benchmark, CapitalG, and Sapphire Ventures, we are at a pivotal point of innovation, accelerating growth, and empowering every team member to have a significant impact on our products and collaborative culture. At LangChain, your contributions can truly influence how this technology integrates into the real world.About the RoleAs the hands-on security lead, you will work closely with our core product teams to ensure the security of agent workloads from end to end, encompassing everything from SDK to LangSmith/Graph services and customer integrations. You will be responsible for defining our security roadmap, achieving immediate hardening wins, and elevating the standards for how AI infrastructure is secured in production. We are seeking engineers with expertise in either cloud/infrastructure security or application security (expertise in both is a significant advantage!).Lead product & platform security: Design and implement application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).Implement secure-by-default authentication and authorization: Enhance SSO/SAML/OIDC/SCIM, manage token lifecycles, establish service-to-service authentication, and ensure tenant isolation for both cloud and self-hosted customers.Vulnerability management: Oversee scanning, triage, and patching SLAs; coordinate with engineering teams to ensure swift remediation without delaying delivery.Develop secure code, conduct reviews, and create tools: Implement secure design principles, write pull requests, execute penetration tests, and introduce lightweight checks (linters, dependency/supply-chain scanning, SBOM/SLSA provenance) to facilitate security at scale.Enhance hardening & operations: Focus on network segmentation/Zero Trust, Kubernetes posture management, secrets management, key rotation, least-privilege IAM, and egress controls.

About the RoleJoin our innovative Product Security team as an Entry-Level Security Engineer. We are seeking a proactive individual with a builder’s mindset who is eager to learn and contribute to both planned initiatives and real-time security needs with supportive mentorship.In this hands-on role, you will collaborate across Infrastructure, Application, and Enterprise Security, where responsibilities may overlap. Your contributions will include the design and implementation of security controls, reviewing technical designs, and addressing findings from security researchers and penetration testers. You will write code, develop automation solutions, and utilize AI tools to enhance your productivity and strengthen our security practices. This position offers exposure to a diverse range of security challenges, accelerating your professional growth as a security engineer.

At Discord, we connect over 200 million users every month through our platform, primarily for one exhilarating reason: gaming. With more than 90% of our community engaged in gaming, they collectively spend an astounding 1.5 billion hours indulging in thousands of unique titles on Discord each month. Our commitment is to enhance the gaming experience, making it more enjoyable for everyone to communicate and socialize before, during, and after gameplay.Your RoleLead a talented team of security engineers to develop and implement robust application security tools and services, conduct secure design reviews, and perform threat modeling, while providing expert guidance on secure development practices at Discord.Ensure the security of our code and development processes from the Integrated Development Environment (IDE) through to production.Enhance the detection and remediation of security vulnerabilities at scale.Collaborate with various Discord teams to minimize security risks for our users while proactively identifying and addressing security bugs prior to production deployment.Partner with Discord’s product engineering and management teams to advocate for innovative security features that enhance user protection.

Join Us in Revolutionizing HealthcareAt candidhealth, we are on a mission to transform one of the most flawed and expensive components of the US healthcare system: medical billing. Healthcare providers currently expend over $250 billion annually just in administrative costs to receive payments from insurance. The complexity of medical billing makes it significantly more challenging than credit card processing—around 100 times more difficult. Traditionally, this process is managed by numerous individuals who navigate intricate rules and procedures unique to each insurance provider, often without adequate software support. Our goal is to rethink medical billing from the ground up, leveraging advanced data science and soon machine learning to automate these complexities, allowing healthcare providers to receive payments with ease and efficiency.Having participated in the Y Combinator W20 batch, we have secured substantial funding from distinguished investors including 8VC, First Round Capital, and BoxGroup, along with numerous angel investors. Our impact extends beyond billing; we are aiding clients in addressing opioid addiction, delivering comprehensive care for women, promoting weight loss, enhancing access to mental health services, and much more. This is crucial, fulfilling work, and we eagerly anticipate your addition to our team to support the groundbreaking innovations in healthcare!Your RoleWe are seeking a Senior Security Engineer who is eager to enhance the security framework of our systems and networks. As our security steward, you will ensure that our platforms are robust against threats while adhering to compliance standards. We appreciate a proactive approach and are looking for someone well-versed in security frameworks while actively participating in both strategic and operational security initiatives.

Join our innovative team at Anthropic as a Security Labs Engineer, where you will play a critical role in enhancing our security frameworks and protocols. You will be responsible for developing and implementing cutting-edge security measures to protect our systems and data.

Join our dynamic Application Security team at Anthropic, where your mission will be to integrate robust security practices throughout every stage of our software development lifecycle. In this pivotal hands-on role, you will work alongside our innovative software engineers and researchers, ensuring security remains a fundamental focus from design inception to deployment. You will lead initiatives in threat modeling and secure design reviews, proactively identifying and mitigating risks, and enhancing our continuous risk assessment processes. Your expertise will contribute to developing tools and systems that empower our developers to ship secure code while adhering to best practices. By shaping our security tools, detection capabilities, and defenses against emerging threats, you will play a crucial role in fostering a culture of security among our engineers, helping them become champions of secure coding. This is a high-impact role that requires a security-savvy professional who possesses a developer's mindset and can build collaborative relationships.

Join Our Team as a Senior Security EngineerAt LiteLLM, the leading AI Gateway trusted by industry giants such as Adobe, Netflix, and NASA, we empower developers with secure and reliable access to LLMs and associated services. We are seeking a talented Senior Security Engineer to establish robust security measures and observability tools as we scale our platform.Your Role:Become a cornerstone of our security team as our inaugural Security Engineer, tackling pivotal security challenges head-on.Key Responsibilities:Perform in-depth security assessments of the LiteLLM proxy codebase to uncover potential supply chain vulnerabilities.Develop and manage automated security scans for our Docker images, PyPI packages, and CI/CD workflows (including dependency scanning and secrets detection).Create and enforce secure-by-default configurations for both cloud and self-hosted environments (API authentication, IAM least privilege, key rotation).Implement and oversee intrusion detection systems and alerts tailored to model and API usage patterns.Lead incident response efforts and post-mortem analyses, including vulnerability assessments and stakeholder communication.Establish a formal CVE triage and disclosure protocol in collaboration with the engineering team.Conduct internal red teaming and adversarial testing to simulate real-world attacks and enhance our defenses.Collaborate with engineering teams to fortify release pipelines (signed builds, provenance checks, reproducible builds).Develop secure coding standards and conduct regular training sessions for developers focused on supply chain and dependency management.Maintain and update threat models as LiteLLM’s products and architecture evolve.

Role Overview Amplitude is hiring a Staff Security Engineer in San Francisco, CA. This role focuses on strengthening security across the company’s systems and safeguarding user data. The position involves both hands-on technical work and collaboration with teams throughout the organization. What You Will Do Design and implement security controls and processes Conduct vulnerability assessments to identify and address risks Work closely with engineering and other teams to embed security best practices into the development lifecycle

At NerdWallet, our mission is to empower individuals to make informed financial decisions. We foster an inclusive, flexible, and transparent culture where you are encouraged to grow, take calculated risks, and be your authentic self (cape optional). Whether you prefer working remotely or in-office, we are committed to supporting your optimal work style. We prioritize your well-being, professional growth, and your ability to create a meaningful impact because when one Nerd succeeds, we all succeed.We are on the lookout for a talented Security Engineer II to become a part of our Application Security team. This team plays a critical role in our mission by ensuring that the products and services we develop protect our users' data and trust.In this position, you will closely collaborate with engineering teams across the organization to mitigate security risks throughout the software development lifecycle. You will participate in initiatives aimed at enhancing NerdWallet's security posture by refining tools, workflows, and standards that enable engineers to create secure software while ensuring a positive developer experience.This role is perfect for someone who thrives on solving security challenges collaboratively, building scalable solutions, and assisting engineers in embedding security practices into their daily work. You will have the chance to deepen your application security knowledge while making significant contributions to our evolving security program.You will report to a Business Information Security Officer.If you were here 6 months ago, here are some things you might have worked on:Developed and launched a dashboard for on-call activities for the team.Assisted in triaging and responding to security findings and alerts generated by application security tools.Conducted a penetration test of an external system and participated in red team exercises.Worked alongside engineers to remediate vulnerabilities and enhance secure coding practices.Contributed to automation or tooling that enhances visibility into application security risks.Where you can make an impact:Help expand NerdWallet’s application security program through automation, tooling, and enabling developers.Collaborate with engineering and product teams to identify and address security gaps across various systems while balancing business priorities.Create tools, processes, and automation that facilitate secure software development.