TL;DR
Staff Application Security Engineer (Cybersecurity): Protecting production applications and related infrastructure, and providing expert guidance to development teams on secure architecture, with an emphasis on identifying and mitigating security issues in application architecture, code, and running states. Focus on handling complex security incidents as a technical incident commander and making accurate predictions about unknowns during incidents.
Location: New York City, United States. This is a hybrid role, requiring office attendance. Candidates must be based in the United States.
Salary: $189,000–$215,000/year (base salary) with an expected On Target Earnings (OTE) between $210,000–$245,000/year (including bonus or commission).
Company
hirify.global is a leading customer engagement platform that empowers brands to deliver great customer experiences and drive business value, recognized as a SaaS application company.
What you will do
- Join the existing Application Security team to protect production applications and their related infrastructure.
- Provide expert guidance to development teams around secure architecture for their systems.
- Effectively identify security issues in application architecture, code, and application running states.
- Communicate security requirements to developers, technical teams, and non-technical parties.
- Handle complex security incidents and escalations as a technical incident commander.
- Understand TTPs of advanced threat actors and visually pattern match data points to make accurate predictions during incidents.
Requirements
- 10+ years of experience securing an application at an IC level or higher.
- Demonstrable experience in consistently locating novel security vulnerabilities in web software.
- 5+ years of experience conducting penetration tests.
- 5+ years of experience in application incident response.
- Experience with active testing against AI/LLM integrated web applications and APIs.
- Experience with scripting languages and automation.
- Direct experience in the triage/validation of vulnerabilities and providing accurate mitigation recommendations.
- Ability to read and understand JavaScript, Ruby, and Kotlin.
- 5+ years of experience as an Application Security leader or sole responsible party.
Nice to have
- Experience with Mail Delivery systems or in the MarTech space.
- Experience managing a public bug bounty program.
- CVEs or published vulnerabilities, and corresponding conference talks.
- Involvement with an open source project.
- Experience with the review and risk evaluation of third-party integrations.
- Experience with mobile application penetration testing.
Culture & Benefits
- Competitive compensation that may include equity and retirement/employee stock purchase plans.
- Flexible paid time off and comprehensive benefit plans covering medical, dental, vision, life, and disability.
- Family services that include fertility benefits and equal paid parental leave.
- Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend.
- A curated in-office employee experience designed to foster community, team connections, and innovation.
- Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching.
- Employee Resource Groups that provide supportive communities within hirify.global.
- Collaborative, transparent, and fun culture recognized as a Great Place to Work®.