Staff Application Security Engineer

1 month, 1 week ago
Full-time
Lead
Cybersecurity
Thumbtack

Thumbtack is a platform that connects individuals with local professionals for a wide range of services, from house painting to personal training. By answering a few questions, users receive quotes from qualified professionals, making it easy to compar...

Construction & Engineering
1K-5K
Founded 2009
$698M raised

Description

  • Own the long-term technical direction for application security across Thumbtack and drive remediation of systemic risks across the application stack.
  • Build prioritized security roadmaps and lead large, cross-functional security initiatives from problem definition through delivery.
  • Design secure-by-default architectures, standards, and paved paths for engineering teams.
  • Design and implement shared security tooling, libraries, patterns, and services that help teams ship quickly and safely.
  • Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
  • Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
  • Lead application security design reviews, architectural discussions, and threat modeling for critical systems.
  • Contribute code, reviews, and designs to address complex or novel security risks.
  • Mentor engineers and raise the overall security bar across the organization.
  • Support security incident response and drive learning through post-incident analysis.

Requirements

  • 8+ years of experience in software engineering and application security.
  • Strong understanding of secure coding practices and application security frameworks.
  • Deep expertise in secure system design and architecture.
  • Experience with modern application security tools, patterns, and practices, including threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability discovery and remediation workflows.
  • Strong experience securing modern cloud-native systems, especially AWS and/or GCP.
  • Proven track record leading large, cross-functional technical initiatives with sustained impact.
  • Strong product intuition and analytical, risk-informed thinking.
  • Ability to balance pragmatism and rigor when making tradeoffs between risk, velocity, and maintainability.
  • Strong ownership and accountability, with the ability to mentor others and drive organization-wide improvements.
  • Excellent written and verbal communication skills, including the ability to influence without authority and explain complex security issues to technical and non-technical audiences.

Benefits

  • Remote-friendly role with #LI-Remote designation.
  • Competitive salary range of $249,900-$323,400 in SF Bay Area, San Jose, New York City, or Seattle metros.
  • Competitive salary range of $225,300-$291,500 in Austin, Washington DC, California, Massachusetts, New Jersey, or Washington.
  • Competitive salary range of $212,500-$275,000 in all other U.S. locations.
  • Reasonable accommodation support for applicants with disabilities.
  • Equal opportunity workplace with consideration for qualified applicants with arrest and conviction records, consistent with applicable law.

