Company hidden
1 day ago

Senior Application Security Engineer (Cybersecurity)

151 000 - 226 250$
Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
US
Job from Hirify Global, a list of international tech companies

Job description

TL;DR

Senior Application Security Engineer (Cybersecurity): Driving application security outcomes across the engineering organization, with an emphasis on secure design, authentication, identity flows, API security, and cloud-native application risks. Focus on threat modeling, attack-path analysis, resolving complex security challenges, and designing automated security tooling.

Hybrid: Austin, TX / Dallas, TX / San Francisco Bay Area, CA / Morristown, NJ

$151,000 - $226,250 (Morristown, NJ and San Francisco Bay Area)

Company

Hippo provides tailored insurance coverage and preventative maintenance plans for homeowners, reimagining home care experiences.

What you will do

  • Serve as subject matter expert providing guidance on secure design, authentication, identity flows, API security, and cloud-native risks.
  • Act as security advisor in architecture reviews, design discussions, and risk assessments across teams.
  • Identify and communicate application-centric security risks in code, CI/CD, identity systems, and cloud environments.
  • Own resolution of complex application security challenges with organizational impact.
  • Apply threat modeling and adversarial thinking to improve application resilience.
  • Design and operationalize automated security tooling like SAST, DAST, SCA, and secrets detection.
  • Mentor engineers to elevate secure design practices at scale.

Requirements

  • 6+ years in application security or product security roles.
  • Experience improving application security across multiple teams or domains.
  • Deep expertise securing web apps, APIs, distributed systems, WAFs, and identity platforms.
  • Strong knowledge of OAuth2, OIDC, SAML, JWT, MFA.
  • Ability to review designs, data flows, and identify architectural risks.
  • Understanding of cloud-native architectures and CI/CD from application risk perspective.
  • Experience with automated security tooling (SAST, DAST, SCA, secrets detection).
  • Proficiency in modern programming languages.

Nice to have

  • Threat modeling or assessing AI/LLM features.
  • Application-focused penetration testing.
  • Familiarity with Kubernetes, container security, infrastructure-as-code.
  • Experience in regulated environments.
  • Relevant certifications (OSWE, GWAPT, CSSLP).

Culture & Benefits

  • Multiple medical plans, 100% employer-covered dental & vision, 401(k), disability, life insurance, FSA, EAP.
  • Equity compensation eligibility.
  • Training and internal career growth opportunities.
  • Flexible time off.
  • 12 weeks parental leave for primary and secondary caregivers.
  • Snacks, drinks, catered lunches for onsite employees.

Be careful: if an employer asks you to log in to their system using iCloud/Google, send a code or password, or run code or software, do not do it: these are scammers. Be sure to click "Report" or write to support.