hims & hers

Senior Application Security Engineer

full-time

Location Type: Remote

Location: United States

Salary

💰 $145,000 - $175,000 per year

About the role

  • Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications
  • Perform code reviews and provide secure coding guidance to development teams
  • Implement and maintain GitHub Advanced Security, including secret scanning and code scanning
  • Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform
  • Evaluate container security in our Docker and Kubernetes environments
  • Support CI/CD security integration and automation
  • Conduct penetration testing and red team/purple team exercises on applications
  • Review and secure API implementations, with focus on GraphQL security
  • Evaluate AI/ML model security and implement protections against prompt injection and other AI-specific threats
  • Collaborate with the Staff AppSec Engineer on CIAM and advanced AI security initiatives
  • Maintain security documentation and contribute to security awareness training

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
  • 5-8 years of experience in application security or related security field
  • Hands-on coding experience and ability to review code in multiple languages
  • Professional experience with SAST tools (e.g., SonarQube, Checkmarx, Fortify)
  • Professional experience with DAST tools (e.g., Burp Suite, OWASP ZAP)
  • Professional experience with SCA tools (e.g., Snyk, Black Duck, WhiteSource)
  • Experience with GitHub Advanced Security features
  • Container security scanning and IaC security scanning tools experience
  • Strong understanding of OWASP Top 10 and secure coding practices
  • Experience with penetration testing methodologies
  • Knowledge of security frameworks: NIST CSF, NIST 800-53, SOC 2, PCI DSS
  • Excellent communication skills to articulate security findings to technical and non-technical stakeholders

Benefits

  • Competitive salary & equity compensation for full-time roles
  • Unlimited PTO, company holidays, and quarterly mental health days
  • Comprehensive health benefits including medical, dental & vision, and parental leave
  • Employee Stock Purchase Program (ESPP)
  • 401k benefits with employer matching contribution
  • Offsite team retreats