Staff Application Security Engineer (AI)

TL;DR

Staff Application Security Engineer (AI/Cybersecurity): Building and scaling a comprehensive security program from the ground up for an AI-powered healthcare platform with an accent on secure SDLC, threat modeling, and architectural reviews. Focus on assessing AI models, agents, and architectures while automating security controls and mentoring engineering teams.

Location: Hybrid (San Francisco Office); Must be based in the United States

Salary: $228,000 – $290,000 + Equity

Company

hirify.global is an AI-powered platform purpose-built for medical conversations, transforming patient-clinician interactions into structured clinical notes in real-time.

What you will do

• Lead advanced threat modeling and security architecture reviews for complex systems and new AI-driven products.
• Define and implement the technical roadmap for the Application Security program, establishing scalable assurance and guardrails.
• Perform in-depth manual and tool-assisted secure code reviews, focusing on logic and authorization vulnerabilities.
• Lead internal penetration testing and design the end-to-end vulnerability management program.
• Mentor product and engineering teams on secure coding practices, product defense, and remediation strategies.
• Act as a subject matter expert for the security incident response team to investigate and resolve security events.

Requirements

• 10+ years of direct experience in Application Security with a history of implementing security at scale.
• Deep proficiency in major programming languages (Python and NextJS are highly preferred).
• Extensive experience securing Cloud environments (GCP) and containerization technologies like Kubernetes.
• Expert-level knowledge of web security, APIs, IAM (RBAC, ABAC), and applied cryptography.
• Deep understanding of the security of AI/ML models, agents, and associated systems.
• Must be based in the US for compensation and operational alignment.

Nice to have

• Proven experience contributing to open-source security tools or publishing security research.
• Experience managing bug bounty programs and active engagement in the security industry.
• Ability to utilize security metrics to report program effectiveness to executive audiences.

Culture & Benefits

• Comprehensive medical, dental, and vision coverage with monthly HSA contributions.
• 401(k) matching and competitive equity grants.
• Flexible PTO, 14 paid holidays, and paid sabbatical leave after 5 years of employment.
• Generous paid parental leave and financial support for family forming.
• Lifestyle wallet for fitness, coworking, and professional development.
• Mental health support with dedicated access to therapy and coaching.