Homebase (YC W21)

Staff Security Engineer, Application Security

full-time

Location Type: Hybrid

Location: Toronto, Canada

About the role

  • Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs.
  • Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production.
  • Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform.
  • Drive security and product trade-off decisions at the architectural level, balancing protection with velocity.
  • Influence company-wide engineering practices and security investments through data-driven recommendations.
  • Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations.
  • Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity.
  • Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness.
  • Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure.
  • Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance.
  • Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale.
  • Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio.
  • Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements.
  • Embed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentation.
  • Partner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posture.
  • Pioneer a security partnership program, mentoring engineers across the organization and driving a culture of shared security ownership.
  • Provide expert guidance during security incidents and lead post-incident analysis to drive systemic improvements.
  • Curate and author security guidance, patterns, and training content that raises the security bar organization-wide.
  • Influence security decisions at the department and company level; shape how Homebase invests in security capabilities.

Requirements

  • 10+ years of progressive experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal level.
  • Deep software engineering experience in production environments: you write code, build tools, and think like an engineer first.
  • A proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scale.
  • Hands-on experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructure.
  • Strong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practices.
  • Proficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and Rails.
  • Experience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelines.
  • Exceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholders.
  • Demonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivity.

Benefits

  • 💰 Ownership & Savings: Stock options + TFSA/RRSP with 4% company match
  • 🏥 Health & Wellness: Comprehensive medical, dental, and vision for you and your dependents
  • ⏰ Time Flexibility: Flex time off + company holidays + designated focus periods
  • 👶 Family Support: Maternity/Parental Leave EI top-up support offered (after 6 months of service)
  • 🌟 Work Your Way: Work From Anywhere Month + meeting-free weeks yearly
  • 🛡️ Protection Plans: Life insurance + short/long-term disability coverage
  • 🍽️ Workspace Perks: Meals provided, team offsites, and Customer Days

Applicant Tracking System Keywords

Hard Skills & Tools

Application Security, Security Engineering, AI-native applications, LLM integrations, Model pipelines, Web application security, Cloud-native security, DevSecOps, Ruby, Python

Soft Skills

Leadership, Communication, Mentoring, Data-driven decision making, Curiosity, Collaboration, Problem-solving, Influencing, Analytical thinking, Risk assessment