Staff Application Security Engineer (AI)
Job description
TL;DR
Staff Application Security Engineer (Cybersecurity): Securing modern software platforms and protecting sensitive data, with an emphasis on automated vulnerability scanning and penetration testing. Focus on implementing secure coding practices, conducting threat modeling, and integrating security reviews into the CI/CD pipeline.
Location: Hybrid (San Francisco, CA). Office attendance is required at least twice a week on Tuesdays and Thursdays.
Salary: $170,000 - $190,000
Company
is the leading AI contracting platform that transforms agreements into assets for transformative organizations.
What you will do
- Develop and implement secure coding practices, procedures, and standards for software development teams.
- Conduct application security assessments and vulnerability testing to identify and mitigate risks.
- Perform security reviews of code changes and integrate security review processes into the CI/CD pipeline.
- Conduct threat modeling and risk analysis to protect sensitive data.
- Collaborate with SRE, Development, IT, and Security teams to drive impactful changes to the cybersecurity posture.
- Provide technical leadership and mentorship to other members of the engineering and security teams.
Requirements
- 3+ years of experience in application security or software development, preferably with SaaS companies or in regulated fields.
- In-depth knowledge of application security concepts, including OWASP Top 10 and SANS Top 25.
- Experience with security testing tools such as Burp Suite, AppScan, and Nessus.
- Strong proficiency in TypeScript or JavaScript.
- Experience operating in any major cloud provider (AWS, GCP, Azure, etc.).
- Must be based in or able to work from San Francisco, CA in a hybrid capacity.
Nice to have
- Experience with AI penetration testing.
- Knowledge of modern microservice architectures, including Kubernetes or other containerized environments.
- Experience with Terraform or other infrastructure-as-code and configuration management solutions.
- Experience with SOC 2, ISO 27001, NIST, and CIS standards and frameworks.
- Experience with SAST and SCA tools such as Snyk, Checkmarx, Veracode, WhiteSource, or Black Duck.
Culture & Benefits
- 100% health coverage for employees (medical, dental, and vision).
- 401(k) plan with employer match.
- Market-leading leave policies, including gender-neutral parental leave and compassionate leave.
- Monthly stipends for wellbeing, hybrid work, and cell phone use.
- Mental health support through Modern Health, including therapy and coaching.
- Regular team events and a culture defined by high output and low ego.