Staff Application Security Engineer

2 hours, 5 minutes ago
Remote
Full-time
Lead
Cybersecurity
Thumbtack

Thumbtack is a platform that connects individuals with local professionals for a wide range of services, from house painting to personal training. By answering a few questions, users receive quotes from qualified professionals, making it easy to compar...

Construction & Engineering
1K-5K
Founded 2009
$698M raised

Description

  • Own the long-term technical direction for application security across Thumbtack and drive remediation of systemic security risks.
  • Build prioritized security roadmaps and lead large, cross-functional security initiatives from problem definition through delivery.
  • Design secure-by-default architectures, standards, and paved paths for engineering teams.
  • Design and implement shared security tooling, libraries, patterns, and services that help teams ship safely and quickly.
  • Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
  • Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
  • Lead application security design reviews, architectural discussions, and threat modeling for critical systems.
  • Contribute code, reviews, and designs to address complex or novel security risks.
  • Mentor engineers and help raise the overall security bar across the organization.
  • Support security incident response and drive learning through post-incident analysis.

Requirements

  • 8+ years of experience in software engineering and application security.
  • Strong understanding of secure coding practices and application security frameworks.
  • Deep expertise in secure system design and architecture.
  • Experience with modern application security tools, patterns, and practices, including threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability discovery and remediation workflows.
  • Strong experience securing modern cloud-native systems, especially AWS and/or GCP.
  • Proven track record leading large, cross-functional technical initiatives with sustained impact.
  • Strong product intuition and analytical, risk-informed thinking with the ability to balance risk, velocity, and maintainability.
  • Strong sense of ownership and accountability, with the ability to mentor others and drive organization-wide improvements.
  • Excellent written and verbal communication skills and the ability to influence without authority.
  • Experience with AI-powered features or systems, which is relevant to the company context (preferred).

Benefits

  • Remote-first work arrangement.
  • Expected salary range of $221,000 to $286,000 for candidates living in Ontario and British Columbia.
  • Hiring decisions are made by recruiters using human judgment, with AI tools used only to support resume screening.
  • Equal opportunity employer with commitment to diversity and inclusive hiring.
  • Reasonable accommodation available for applicants with disabilities during the application process.
