Bastion

Security Engineer, Application

Bastion

full-time

Posted on:

Location: New York • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $215,000 per year

Job Level

Mid-LevelSenior

Tech Stack

GoPythonRustSDLCTypeScriptWeb3

About the role

  • Define and implement security architecture across Bastion’s backend and frontend systems
  • Drive threat modeling, secure code practices, and proactive vulnerability identification
  • Build and run Bastion’s vulnerability management process, including triage and remediation of bug bounty reports
  • Lead third-party audits, ensure audit readiness, and generate customer-facing security reports
  • Serve as a security advisor to engineering teams, providing guidance on secure design and implementation patterns
  • Champion security culture through internal education and tooling
  • Take ownership of application security across the stack, from threat modeling to production hardening
  • Define core security processes (vulnerability management, audits) and work closely with engineering

Requirements

  • Bachelor’s degree in Computer Engineering or a related field
  • 3+ years of experience in application or product security (startup or high-growth environment preferred)
  • Proficiency in at least one of: Python, TypeScript, Rust, or Go
  • Experience designing and implementing security controls for web applications and APIs
  • Familiarity with vulnerability management and secure SDLC practices
  • Experience leading vulnerability management, triage, and bug bounty remediation
  • Experience with third-party security audits and audit readiness
  • Ability to advise engineering teams on secure design and implementation patterns
  • Champion security culture through internal education and tooling
  • Willingness to commute to NYC 2-3 days per week (may be based in NYC office)
  • Authorized to work in the United States; company participates in E-Verify
  • Consent to criminal background check (offers contingent on passing)
  • Nice to have: Web3 security or blockchain infrastructure experience
  • Nice to have: Background in cryptographic systems or key management
  • Nice to have: Software engineering background with ability to ship secure features