Senior AppSec Engineer

PrizePicks

Senior AppSec Engineer handling application security at PrizePicks. Supporting security tooling and providing guidance through development processes.

Posted 5/1/2026 • full-time • Remote • 🇺🇸 United States • Senior • 💰 $90,000 - $180,000 per year

Tech Stack

Tools & technologies
Jenkins

About the role

Key responsibilities & impact
  • Own the Pipeline: Support and optimize application security tooling (SAST, SCA, Secrets Detection) within our CI/CD pipelines to provide accurate, actionable, and prioritized alerts to devs.
  • Be a Security Champion: Act as the primary security partner for Engineering and Product teams, ensuring security is baked in from the design phase through deployment.
  • Threat Modeling: Lead collaborative threat modeling exercises to identify architectural risks before code is even written. Partner with penetration testing teams to translate these threats into targeted testing scenarios for high-risk functions.
  • Code-Level Remediation: Don’t just tell devs what is wrong—show them how to fix it by performing deep-dive code reviews and providing actionable remediation guidance.
  • Secrets Management: Help lead the charge in identifying and removing hard-coded secrets, moving the org toward more secure, automated secret management practices.
  • Bug Bounty & Research: Help manage our bug bounty program by triaging submissions, working with researchers, and validating fixes with our engineers.
  • Secure AI Integration: Serve as the security consultant for AI/ML initiatives. Partner with engineering to design secure "LLM-backed" features, focusing on prompt injection prevention, data privacy/sanitization, and secure integration of third-party AI APIs.
  • Incident Response: Support the team during application-related security incidents, bringing your deep knowledge of code and logic to the table.
  • Feature Validation: Perform security assessments on new features to help identify logic flaws that automated scanners might miss. Partner with our penetration testing team on high-risk releases to exchange knowledge and continuously sharpen your offensive security skillset.
  • Strategic Communication: Translate technical vulnerabilities into business risk. You’ll be responsible for documenting and presenting findings in a way that is actionable for engineers and understandable for leadership.

Requirements

What you’ll need
  • 3+ years of experience in software development, mobile development, or application security. You are comfortable reading unfamiliar code and can speak Developer fluently.
  • CI/CD Pipeline Expertise: Hands-on experience integrating security tools (SAST, DAST, SCA, Secrets Detection) into automated workflows (e.g., GitHub Actions, GitLab CI, Jenkins). You know how to tune these tools to prevent alert fatigue.
  • Deep knowledge of the OWASP Web Security Testing Guide (WSTG) and/or Mobile Application Security Testing Guide (MASTG) and the ability to think like a threat actor.
  • Experience conducting Threat Modeling to catch flaws before they are built.
  • Familiarity with the OWASP Top 10 for LLMs. You understand the unique risks of integrating AI into a production stack and can advise on how to build guardrails around model inputs and outputs.
  • Experience supporting an Incident Response (IR) process, specifically providing the AppSec perspective to help scope an exploit and verify if a patch truly mitigates it.
  • A deep understanding of how web applications work. You know your way around HTTP headers, JWTs, CORS, and auth flows, and you can validate them manually when the scanners fail.
  • Proven ability to define risks in both technical and business terms.

Benefits

Comp & perks
  • Company-subsidized medical, dental, & vision plans
  • 401(k) plan with company match
  • Annual bonus
  • Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
  • Generous paid leave programs, including 16-week paid parental leave and disability benefits
  • Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
  • Company-wide in-person events and team outings
  • Lifestyle enhancement program
  • Company equipment provided (Windows & Mac options)
  • Annual performance reviews with opportunities for growth and career development

ATS Keywords

Applicant Tracking System Keywords

Hard Skills & Tools
application security, SAST, SCA, Secrets Detection, threat modeling, code reviews, incident response, web application security, OWASP Top 10, HTTP headers
Soft Skills
strategic communication, collaboration, problem-solving, technical documentation, leadership