Company hidden
2 days ago

Senior Application Security Engineer

$151,000 - $226,250
Work format: hybrid
Employment type: fulltime
Grade: senior
English: b2
Country: US

Job description

TL;DR

Senior Application Security Engineer (Cybersecurity): Driving application security outcomes across the engineering organization with an emphasis on secure design, authentication, identity flows, API security, and cloud-native application risks. Focus on threat modeling, attack-path analysis, automated security tooling, and mentoring engineers to elevate secure practices at scale.

Location: Austin, TX / Dallas, TX / San Francisco Bay Area, CA / Morristown, NJ (hybrid)

Salary: $151,000 - $226,250 (Morristown, NJ and San Francisco Bay Area base pay)

Company

hirify.global provides tailored insurance coverage and preventative maintenance plans that protect homeowners throughout their journey, including auto and flood coverage through an intuitive modern experience.

What you will do

  • Serve as a subject matter expert providing guidance on secure design, authentication, identity flows, API security, and cloud-native risks.
  • Act as a trusted advisor in architecture reviews, design discussions, and risk assessments across teams and services.
  • Identify, assess, and communicate application-centric security risks in code, CI/CD pipelines, identity systems, and cloud environments.
  • Own and drive resolution of complex application security challenges with organizational impact.
  • Apply threat modeling and adversarial thinking to strengthen application resilience.
  • Design and operationalize automated security tooling such as SAST, DAST, SCA, and secrets detection.
  • Mentor engineers and contribute to security standards, best practices, and incident response.

Requirements

  • 6+ years in application security or product security roles with demonstrated impact across teams.
  • Deep experience securing web apps, APIs, distributed systems, WAFs, and customer identity platforms.
  • Strong knowledge of authentication protocols (OAuth2, OIDC, SAML, JWT, MFA).
  • Ability to review designs and data flows and identify architectural risks.
  • Understanding of cloud-native architectures and CI/CD from an application risk perspective.
  • Experience with automated security tooling (SAST, DAST, SCA, secrets detection).
  • Proficiency in modern programming languages.

Nice to have

  • Threat modeling or assessing AI-powered features and LLM integrations.
  • Application-focused penetration testing.
  • Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to appsec.
  • Experience in regulated environments.
  • Relevant certifications (OSWE, GWAPT, CSSLP).

Culture & Benefits

  • Multiple medical plans, 100% employer-covered dental & vision, 401(k), short/long-term disability, life insurance, FSA, EAP.
  • Equity compensation eligibility.
  • Training and internal career growth opportunities.
  • Flexible time off.
  • 12 weeks parental leave for primary and secondary caregivers.
  • Snacks, drinks, catered lunches for onsite employees.
