RemoteLeaf Logo
Log in Sign up

Staff Application Security Engineer

3 weeks, 1 day ago
United States
Full-time
Lead
Application Security Engineer
Cybersecurity
AWS CI/CD GCP Secrets Management
Apply Now
Thumbtack

Thumbtack

Thumbtack is a platform that connects individuals with local professionals for a wide range of services, from house painting to personal training. By answering a few questions, users receive quotes from qualified professionals, making it easy to compar...

Construction & Engineering
1K-5K
Founded 2009
$698M raised
View All Jobs 40

Description

  • Own the long-term technical direction for application security across Thumbtack and drive remediation of systemic risks across the application stack.
  • Build prioritized security roadmaps and lead large, cross-functional security initiatives from problem definition through delivery.
  • Design secure-by-default architectures, standards, and paved paths for engineering teams.
  • Design and implement shared security tooling, libraries, patterns, and services that help teams ship quickly and safely.
  • Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
  • Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
  • Lead application security design reviews, architectural discussions, and threat modeling for critical systems.
  • Contribute code, reviews, and designs to address complex or novel security risks.
  • Mentor engineers and raise the overall security bar across the organization.
  • Support security incident response and drive learning through post-incident analysis.

Requirements

  • 8+ years of experience in software engineering and application security.
  • Strong understanding of secure coding practices and application security frameworks.
  • Deep expertise in secure system design and architecture.
  • Experience with modern application security tools, patterns, and practices, including threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability discovery and remediation workflows.
  • Strong experience securing modern cloud-native systems, especially AWS and/or GCP.
  • Proven track record leading large, cross-functional technical initiatives with sustained impact.
  • Strong product intuition and analytical, risk-informed thinking.
  • Ability to balance pragmatism and rigor when making tradeoffs between risk, velocity, and maintainability.
  • Strong ownership and accountability, with the ability to mentor others and drive organization-wide improvements.
  • Excellent written and verbal communication skills, including the ability to influence without authority and explain complex security issues to technical and non-technical audiences.

Benefits

  • Remote-friendly role with #LI-Remote designation.
  • Competitive salary range of $249,900-$323,400 in SF Bay Area, San Jose, New York City, or Seattle metros.
  • Competitive salary range of $225,300-$291,500 in Austin, Washington DC, California, Massachusetts, New Jersey, or Washington.
  • Competitive salary range of $212,500-$275,000 in all other U.S. locations.
  • Reasonable accommodation support for applicants with disabilities.
  • Equal opportunity workplace with consideration for qualified applicants with arrest and conviction records, consistent with applicable law.

Interested in this position?

Apply directly on the company website

Apply Now

Similar Roles

e.l.f. Beauty

Senior Application Security Engineer

e.l.f. Beauty 251-1K Consumer Goods

Senior Application Security Engineer role at a remote marketing and digital commerce company focused on securing applications across the software development lifecycle.

India Full-time Lead Application Security Engineer
Agile AWS Azure CI/CD Cybersecurity DevSecOps GCP HTML JavaScript Penetration Testing Python REST API
17 hours, 59 minutes ago
Binance

Binance Accelerator Program - Blockchain / Smart Contract Security

Binance 5K-10K Capital Markets

Binance is seeking a Binance Accelerator Program participant to support smart contract and blockchain security work, including audits, vulnerability analysis, and risk detection across Web3 systems.

Asia Hong Kong Taiwan Internship Entry Level Application Security Engineer
Blockchain Git Python VS Code
1 day, 21 hours ago
Evolve Security Academy

Senior Application Security Tester & AI Red Team Subject Matter Expert

Evolve Security Academy 11-50 Internet Software & Services

Evolve Security is seeking a senior offensive security specialist to lead complex web, API, and AI red team engagements while defining the firm’s testing methodology for LLM-enabled and agentic systems.

United States Full-time Senior AI (Artificial Intelligence) Application Security Engineer
Bash GraphQL JavaScript JWT Metasploit Nmap OpenID Connect Penetration Testing Postman PowerShell Python REST API SAML SPA TypeScript
3 days, 7 hours ago
TOMORROW HIRE

Application Security Engineer - DAST & Burp Suite Enterprise Security Testing

TOMORROW HIRE Internet Software & Services

Application Security Engineer at a fully remote federal contractor supporting secure application development, testing, and compliance for enterprise web applications.

United States Full-time Senior Application Security Engineer
$120k-$140k
Bash Burp Suite C# CI/CD Eclipse Java Linux .NET Python Selenium Unix Visual Studio
3 days, 21 hours ago

You're on a roll! Sign up now to keep applying.

Sign Up

Already have an account? Log in

Used by 14,729+ remote workers