Staff Application Security Engineer

20 hours ago
Full-time
Lead
Cybersecurity
Thumbtack

Thumbtack is a platform that connects individuals with local professionals for a wide range of services, from house painting to personal training. By answering a few questions, users receive quotes from qualified professionals, making it easy to compar...

Construction & Engineering
1K-5K
Founded 2009
$698M raised

Description

  • Own the long-term technical direction for application security across Thumbtack and drive remediation of systemic risks across the application stack.
  • Build prioritized security roadmaps and lead large, cross-functional security initiatives from problem definition through delivery.
  • Design secure-by-default architectures, standards, and paved paths for engineering teams.
  • Design and implement shared security tooling, libraries, patterns, and services that help teams ship quickly and safely.
  • Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
  • Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
  • Lead application security design reviews, architectural discussions, and threat modeling for critical systems.
  • Contribute code, reviews, and designs to address complex or novel security risks.
  • Mentor engineers and raise the overall security bar across the organization.
  • Support security incident response and drive learning through post-incident analysis.

Requirements

  • 8+ years of experience in software engineering and application security.
  • Strong understanding of secure coding practices and application security frameworks.
  • Deep expertise in secure system design and architecture.
  • Experience with modern application security tools, patterns, and practices, including threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability discovery and remediation workflows.
  • Strong experience securing modern cloud-native systems, especially AWS and/or GCP.
  • Proven track record leading large, cross-functional technical initiatives with sustained impact.
  • Strong product intuition and analytical, risk-informed thinking.
  • Ability to balance pragmatism and rigor when making tradeoffs between risk, velocity, and maintainability.
  • Strong ownership and accountability, with the ability to mentor others and drive organization-wide improvements.
  • Excellent written and verbal communication skills, including the ability to influence without authority and explain complex security issues to technical and non-technical audiences.

Benefits

  • Remote-friendly role with #LI-Remote designation.
  • Competitive salary range of $249,900-$323,400 in SF Bay Area, San Jose, New York City, or Seattle metros.
  • Competitive salary range of $225,300-$291,500 in Austin, Washington DC, California, Massachusetts, New Jersey, or Washington.
  • Competitive salary range of $212,500-$275,000 in all other U.S. locations.
  • Reasonable accommodation support for applicants with disabilities.
  • Equal opportunity workplace with consideration for qualified applicants with arrest and conviction records, consistent with applicable law.


