Lead the Application Security team, including hiring, mentoring, and performance management.
Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
Oversee security design reviews and code security reviews across: Go-based microservices, Ruby-based monolith applications
Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
Own and continuously improve the organization’s threat modeling framework and ensure it’s embedded in new feature development and architectural changes.
Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
Drive meaningful reporting dashboards for Development and Engineering leadership.
Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.

Requirements

8+ years of experience in Application Security or Secure Software Engineering
3+ years leading or managing technical security teams
Strong hands-on experience with: Ruby (Rails) application security, Go (Golang) application security
Deep knowledge of: Secure SDLC practices, Threat modeling methodologies (e.g., STRIDE, attack trees), SAST and SCA tools and rule tuning, OWASP Top 10 and API Security Top 10
Experience integrating security tools into CI/CD pipelines.
Familiarity with cloud-native application security in AWS environments.
Strong understanding of microservices security patterns (service-to-service auth, token handling, API gateways, etc.).
Strong communicator capable of influencing senior engineering leaders.

Benefits

Competitive salary and benefits with growth-company options grant
Fast-paced and professional work culture
Stock options with standard startup vesting - 1 year cliff; 4 years total
$50 monthly communication expense stipend to go towards your phone/internet bill
$250 stipend to enhance your WFH setup
Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
Premium medical benefits including vision and dental (100% coverage for employees)
Company-sponsored life and disability insurance
Paid parental bonding leave
Paid sick leave, jury duty, bereavement
401k plan
Flexible Time Off (our team members typically take off ~3-4 weeks per year)
Volunteer Time Off
13 scheduled holidays

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Application SecuritySecure Software EngineeringRubyGoSecure SDLC practicesThreat modeling methodologiesSAST toolsSCA toolsCI/CD integrationmicroservices security patterns

Soft Skills

leadershipmentoringcommunicationinfluencingperformance management