Unit21

Application Security Engineer

Unit21

full-time

Posted on:

Location Type: Hybrid

Location: San Francisco • California • 🇺🇸 United States

Visit company website
AI Apply
Apply

Salary

💰 $155,000 - $175,000 per year

Job Level

Mid-LevelSenior

Tech Stack

AWSCloudDockerGoGoogle Cloud PlatformKubernetesPythonTerraformTypeScript

About the role

  • Design, code, and deploy automated security controls, services, and frameworks to prevent vulnerabilities at scale.
  • Build, own, and operate the tools and infrastructure for our application security program, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning solutions.
  • Perform hands-on threat modeling, security architecture reviews, and in-depth code reviews (Python/TypeScript) for new products and critical features to ensure they are secure by design.
  • Conduct penetration tests and vulnerability assessments against our applications and APIs to proactively identify and remediate security weaknesses.
  • Develop custom tools and automation to streamline security operations and enhance our detection and response capabilities.
  • Act as a key member of our incident response team during security events.
  • Mentor and educate product engineers on secure coding best practices, acting as a subject matter expert and fostering a culture of security ownership.

Requirements

  • 4+ years of hands-on experience in a software engineering or application security role, with a proven track record of shipping code and building security solutions.
  • Demonstrated history of successful cross-organizational efforts and the ability to drive complex technical projects to completion.
  • Expert-level proficiency in Python, including experience building security tools, automation scripts, or backend services.
  • Professional experience with Go or TypeScript is a significant plus.
  • Deep, hands-on knowledge of common application vulnerabilities, such as the OWASP Top 10, and their mitigation techniques.
  • Proven experience integrating, fine-tuning, and operating security tools (e.g., SAST, DAST, SCA) within developer workflows.
  • Experience conducting manual penetration tests and vulnerability assessments on web applications and APIs.
  • Previous experience implementing protections for Generative AI systems is a significant plus.
  • Hands-on experience securing public cloud environments (AWS or GCP).
  • Basic proficiency with Infrastructure as Code (e.g., Terraform) and containerization technologies (e.g., Docker, ECS, or Kubernetes), including best practices for securing them.
Benefits
  • Competitive salary and pre-IPO stock options
  • 100% company-paid medical, dental and vision insurance (for employee)
  • Optional HSA and FSA medical reimbursement accounts
  • Unlimited paid time off
  • Generous leave programs for life events
  • 401(k)
  • Charity matching
  • Annual Learning & Development stipend
  • One-time Home office set-up stipend
  • Commuter benefits
  • Wellness Bundle: One Medical, Headspace, Gympass and Carrot Fertility
  • Happy hours and team-building events
  • Great office space in the San Francisco Financial District
  • Fully stocked kitchen
  • Lunch and dinner provided in SF office at least 3x per week
  • A great company culture with a strong emphasis on diversity, equity and inclusion

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
PythonTypeScriptGoStatic Application Security Testing (SAST)Dynamic Application Security Testing (DAST)Software Composition Analysis (SCA)penetration testingvulnerability assessmentsInfrastructure as Code (Terraform)containerization (Docker, ECS, Kubernetes)
Soft skills
mentoringcross-organizational collaborationproject managementcommunicationsecurity ownership