Staff Application Security Engineer

1 month, 2 weeks ago
Remote
Full-time
Lead
Cybersecurity
Thumbtack

Thumbtack is a platform that connects individuals with local professionals for a wide range of services, from house painting to personal training. By answering a few questions, users receive quotes from qualified professionals, making it easy to compar...

Construction & Engineering
1K-5K
Founded 2009
$698M raised

Description

  • Own the long-term technical direction for application security across Thumbtack and drive remediation of systemic security risks.
  • Build prioritized security roadmaps and lead large, cross-functional security initiatives from problem definition through delivery.
  • Design secure-by-default architectures, standards, and paved paths for engineering teams.
  • Design and implement shared security tooling, libraries, patterns, and services that help teams ship safely and quickly.
  • Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
  • Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
  • Lead application security design reviews, architectural discussions, and threat modeling for critical systems.
  • Contribute code, reviews, and designs to address complex or novel security risks.
  • Mentor engineers and help raise the overall security bar across the organization.
  • Support security incident response and drive learning through post-incident analysis.

Requirements

  • 8+ years of experience in software engineering and application security.
  • Strong understanding of secure coding practices and application security frameworks.
  • Deep expertise in secure system design and architecture.
  • Experience with modern application security tools, patterns, and practices, including threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability discovery and remediation workflows.
  • Strong experience securing modern cloud-native systems, especially AWS and/or GCP.
  • Proven track record leading large, cross-functional technical initiatives with sustained impact.
  • Strong product intuition and analytical, risk-informed thinking with the ability to balance risk, velocity, and maintainability.
  • Strong sense of ownership and accountability, with the ability to mentor others and drive organization-wide improvements.
  • Excellent written and verbal communication skills and the ability to influence without authority.
  • Experience with AI-powered features or systems, which is relevant to the company context (preferred).

Benefits

  • Remote-first work arrangement (#LI-Remote).
  • Expected salary range of $221,000 to $286,000 for candidates living in Ontario and British Columbia.
  • Hiring decisions are made by recruiters using human judgment, with AI tools used only to support resume screening.
  • Equal opportunity employer with commitment to diversity and inclusive hiring.
  • Reasonable accommodation available for applicants with disabilities during the application process.
