Senior Security Engineer II, Application Security (Remote Eligible)

Full-time
Senior
Software Development
Smartsheet

Smartsheet provides an enterprise work management platform that enables teams to efficiently manage projects, automate processes, and enhance collaboration through a user-friendly interface that combines spreadsheet functionality with advanced workflow...

Internet Software & Services
1K-5K
Founded 2005

Description

  • Conduct security reviews and threat modeling for AI-integrated product features, including LLM workflows, agentic pipelines, and model APIs.
  • Use AI and automation to build tooling, pipelines, and integrations that expand the security team’s reach and improve risk visibility.
  • Own end-to-end application security assessments for high-risk features and services across the product development lifecycle.
  • Perform threat modeling, architecture review, targeted code review, and security testing to identify and reduce risk before release.
  • Partner directly with engineering teams to influence design decisions and help close security issues early.
  • Operate and evolve security scanning controls in GitLab CI/CD pipelines, including SAST, SCA, secrets, and IaC scanning.
  • Tune security tools and build automation to reduce false positives and improve developer feedback.
  • Serve as the validation layer for the bug bounty program by reproducing, assessing, and triaging complex submissions.
  • Make defensible severity and payout decisions for bug bounty findings and manage researcher engagement and program metrics.
  • Continuously improve application security processes and workflows to scale security across the platform.

Requirements

  • 8+ years of experience in application security, product security, or AppSec engineering.
  • Strong software engineering foundation and fluency in one or more modern languages such as Java, Python, TypeScript/JavaScript, Go, or Ruby.
  • Hands-on experience securing AI-integrated applications, including LLM systems, agentic workflows, and model APIs.
  • Demonstrated experience using AI and automation to scale security functions or extend team reach.
  • Experience performing threat modeling, architecture review, and code review for complex SaaS features.
  • Independent, hands-on manual web application testing experience for authenticated, multi-step vulnerabilities.
  • Direct bug bounty experience as an operator, active researcher, or both, including triage and severity calibration.
  • Working knowledge of CI/CD pipeline security, including SAST, SCA, secrets, and IaC scanning.
  • Working knowledge of AWS, GCP, or Azure sufficient to connect application risk to infrastructure risk.
  • Legally eligible to work in the U.S. on an ongoing basis.
  • BS or MS in Computer Science, a related field, or equivalent industry experience.
  • Preferred experience with agentic security, MCP security, or adversarial evaluation of autonomous AI systems.
  • Preferred GitLab CI/CD experience, including security policy pipeline configuration and scanning job integration.
  • Preferred active bug bounty research experience with published findings, CVE credits, or hall of fame recognition.
  • Preferred penetration testing program management experience, including scope definition, vendor coordination, and finding validation.

Benefits

  • Employer-subsidized medical, vision, and dental coverage for full-time U.S. employees.
  • 401(k) match of 50% of your contribution up to the first 6% of eligible pay.
  • Monthly stipend to support work and productivity.
  • Flexible Time Away Program plus Sick Time Off.
  • Company-provided life insurance, short-term disability, and long-term disability coverage for U.S. employees.
  • 12 paid holidays per year for U.S. employees.
  • Up to 24 weeks of parental leave.
  • Personal paid Volunteer Day.
  • Professional growth and development opportunities, including access to Udemy online courses.
  • Company-funded perks including a counseling membership, local retail discounts, and a personal Smartsheet account.
  • Teleworking options from any registered U.S. location, role dependent.
  • Market-competitive incentive opportunity in addition to base salary.
  • US base salary range of $175,000 to $245,000.


