204 application security engineer jobs at 144 companies in California

PromotedHiringCafe
Founding Backend / Infra Engineer
Cupertino, CA, US
$160k-$300k/yr On-SiteFull Time
HiringCafe
HiringCafe: Building a 100× better job search engine to take on Indeed and LinkedIn.
Own the crawlers, pipelines, and infrastructure powering a real-time job search engine. Strong Node.js and Python fundamentals; bonus points for security and reverse-engineering chops.
Node.js, Python, Elasticsearch, Redis
3w
Save
Mark Applied
Hide
Staff Application Security Engineer
San Francisco or United States
$240k-$300k/yr HybridFull Time
Brex
Brex: Corporate cards and spend management software for businesses.
8+ YOE8+ years in application/product security or related software engineering; technical leadership and mentorship experience; expertise in AI security, threat modeling, cloud-native container security (AWS, Kubernetes); proficiency in Python/Go; strong communication skills.
Python, Go, Kotlin, gRPC, GraphQL, Kubernetes, AWS, LLM
1w
Save
Mark Applied
Hide
Senior Security Application Engineer
Palo Alto, California, United States
$200k-$235k/yr OnsiteFull Time
BitGo
BitGoNYSE: BTGO: Provides secure infrastructure for institutional digital asset management.
8+ YOE8+ years building and scaling application security programs for FinTech/Web3; strong engineering background in distributed systems, Python or Java, Kubernetes, AWS, Terraform; experience with SAST/DAST, CI/CD security automation, KMS/encryption, SOC 2/GDPR controls, and securing AI/ML lifecycles.
SAST, DAST, CI/CD, Terraform, Kubernetes, AWS, Python, Java, KMS, MLOps, LLM
6d
Save
Mark Applied
Hide
Lead Application Security Engineer
San Francisco, California, United States
$140k-$180k/yr RemoteFull Time
Zeta Global
Zeta GlobalNYSE: ZETA: Provides an AI-powered marketing platform for enterprise customer engagement.
5+ YOEBachelor's or equivalent,5+ years application security experience,knowledge of OWASP and threat modeling,AI/ML security familiarity,cloud and container experience,experience with security automation and tooling.
React, Node.js, Django, FastAPI, OAuth2, OIDC, JWT, AWS, GCP, Azure, Docker, Kubernetes, Semgrep, SonarQube, Burp Suite, OWASP ZAP, Trivy, Snyk, GitHub Advanced Security
2mo
Save
Mark Applied
Hide
Staff Application Security Engineer
New York or San Francisco or London
$185k-$260k/yr OnsiteFull Time
Bitwise Asset Management
Bitwise Asset Management: Specialized crypto-focused asset manager and index fund provider.
7+ YOE7+ years in application security, hands-on SAST/DAST, secure SDLC and CI/CD security, dependency and supply-chain security, threat modeling (STRIDE/PASTA), penetration test coordination, secrets management experience.
SAST, DAST, CI/CD, Socket.dev, HashiCorp Vault, AWS Secrets Manager, STRIDE, PASTA
3w
Save
Mark Applied
Hide
Security Engineer, Application Security
San Francisco, California, United States
$200k-$325k/yr OnsiteFull Time
Serval
Serval: AI platform for automating IT and enterprise service workflows.
10+ YOE10+ years in cybersecurity with deep expertise in application security, secure SDLC, vulnerability management, secure cloud-native architecture, leadership experience, and strong software engineering skills.
SAST, DAST, SCA, secrets scanning, fuzzing, CI/CD
1mo
Save
Mark Applied
Hide
Senior Application Security Engineer
New York or Los Angeles or San Francisco
$165k-$190k/yr HybridFull Time
Tatari
Tatari: A platform for buying and measuring TV advertising campaigns.
Production Python experience, significant hands-on application security experience, threat modeling, building security tooling/automation, familiarity with AWS and Kubernetes, and SAST/DAST/SCA/CI-CD integration.
Python, Java, Rust, AWS, Kubernetes, OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS, SAST, DAST, SCA, CI/CD
2mo
Save
Mark Applied
Hide
Application Security Engineer
San Francisco, California, United States
HybridFull Time
Opal Security
Opal Security: Provides intelligent identity governance and enterprise access management solutions.
4+ YOE4+ years in application security or software security engineering; writing production code; strong auth: OAuth 2.0, OIDC, SAML; experience with AWS and containers; Go/TypeScript; security tooling; incident response.
Go, TypeScript, React, PostgreSQL, Redis, GraphQL, AWS, Kubernetes, Docker
1mo
Save
Mark Applied
Hide
Senior Application Security Engineer - Moveworks
Mountain View, California, United States
OnsiteFull Time
ServiceNow
ServiceNowNYSE: NOW: Provides a cloud platform for automating enterprise digital workflows.
5+ YOE5+ years in application security, 3+ years penetration testing, experience with SAST/DAST, Snyk, GitHub Dependabot, Burp Suite, Python/Golang, cloud security (AWS/GCP/Azure), and AI/LLM security; BS or equivalent.
SAST, DAST, Snyk, GitHub Dependabot, Burp Suite, Python, Golang, AWS, GCP, Azure
5d
Save
Mark Applied
Hide
Application Security Engineer
San Francisco, California, United States
$145k-$180k/yr HybridFull Time
HeartFlow
HeartFlowNASDAQ: HTFL: Provides AI-driven non-invasive cardiac diagnostic software and analysis.
5+ YOE5+ years experience, ≥1 year in application security or security work in development; BS or equivalent/certifications; experience with secure SDLC, threat modeling, SAST/DAST/SCA, and vulnerability management.
C++, Python, Claude Code, GitHub Copilot, SAST, DAST, SCA, CI/CD, AWS, Terraform, Chef, Ansible, Docker, Kubernetes, GitHub Actions
2mo
Save
Mark Applied
Hide
Application Security Engineer
San Francisco or New York City or Seattle
OnsiteFull Time
Braintrust
Braintrust: Platform for evaluating and monitoring AI model performance.
5+ YOE5+ years in application security or backend engineering; strong skills in TypeScript/Node.js, Python, Go, or Rust; deep web/API vulnerability knowledge; experience building secure-by-default libraries; authn/authz design; multi-tenant data isolation; secrets management; VS real-time data platform familiarity.
TypeScript, Node.js, Python, Go, Rust, PostgreSQL, Redis, AWS
1w
Save
Mark Applied
Hide
Principal / Staff Application Security Engineer
Bengaluru or Palo Alto
$210k-$270k/yr HybridFull Time
AiDash
AiDash: Satellite-first AI platform for utility and infrastructure resilience
8+ YOE8+ years security engineering with AppSec depth; hands-on LLM/GenAI security and AWS cloud security; experience with SAST/DAST/SCA, IaC policy-as-code, SBOM tooling, and compliance (SOC 2/ISO).
Semgrep, CodeQL, Snyk, Veracode, OPA/Rego, Checkov, Kyverno, tfsec, Interlynk, Anchore, Dependency-Track, Promptfoo, Garak, DeepEval, Giskard, Nightfall, Lakera Guard, Cyberhaven, Harmonic Security, Protect AI, NVIDIA NeMo Guardrails, CrowdStrike, SentinelOne, Defender, AWS, Kubernetes, SAST, DAST, SCA, SBOM, AIBOM, CSPM, CNAPP, SLSA
1w
Save
Mark Applied
Hide
Staff Security Engineer, Application Security
Chicago or California or Colorado or Florida or Georgia or Illinois or Indiana or Minnesota or Missouri or Montana or New Jersey or New York or North Carolina or Ohio or Oregon or Pennsylvania or South Carolina or Texas or Utah or Vermont or Virginia or Washington or Washington or Wisconsin
$210k-$260k/yr HybridFull Time
NinjaTrader
NinjaTrader: Provides futures brokerage services and a trading software platform.
7+ YOE7+ years in application/product/security engineering; hands-on threat modeling, vulnerability management, secure design, CI/CD integration, automation using Python/Go; experience with cloud-native AWS/GCP environments.
AWS, GCP, Python, Go, SAST, SCA, DAST, CI/CD, AI/LLMs
2w
Save
Mark Applied
Hide
Application Security Engineer
Long Beach, California, United States
$108k-$140k/yr HybridFull Time
Laserfiche
Laserfiche: Provides software for document management and business process automation.
1+ YOEBachelor's in CS/InfoSec required; 1+ years software or application security experience; familiarity with Git/CI-CD, cloud (AWS/Azure), containers, SAST/DAST/SCA, scripting (Python, JavaScript, C#, Java); Security+ or eJPT beneficial.
SAST, DAST, SCA, CI/CD, Git, AWS, Azure, Docker, Kubernetes, Python, JavaScript, C#, Java, OWASP Top 10
2mo
Save
Mark Applied
Hide
Lead Application Security Engineer
San Francisco, California, United States
$225k-$400k/yr OnsiteFull Time
Ivo
Ivo: AI-powered contract review and intelligence platform for legal teams.
4+ YOE5+ years in application security; hands-on web pen testing; TypeScript/Node and Python; cloud security in GCP/Azure; manage pen tests; secure coding; strong communication.
SAST, DAST, SCA, IaC scanning, secrets detection, OWASP, Firebase Auth, WorkOS, SAML, OAuth, SSO, RBAC, Kubernetes security, cloud security
1mo
Save
Mark Applied
Hide
Senior Application Security Engineer
United States or Canada or San Francisco or New York City or Seattle
$190k-$273k/yr RemoteFull Time
Apollo.io
Apollo.io: AI-powered platform for B2B sales intelligence and outreach automation.
5+ YOE5+ years software engineering or application security experience; strong coding skills (Ruby, Python), Linux and GCP familiarity, deep AppSec/vulnerability management, pen-testing and SAST experience, AI security, and strong communication.
Ruby, Python, Linux, GCP, SAST
1w
Save
Mark Applied
Hide
Principal Application Security Engineer
California, United States
$177k-$225k/yr RemoteFull Time
iHerb
iHerb: Global e-commerce retailer of health and wellness products.
8+ YOE8+ years technical security leadership, SDL and automation experience, strong application/cloud security knowledge, proficiency with threat modeling and security tooling, degree or equivalent experience.
DAST, SAST, SCA, Cloudflare, AWS VPCs, EC2, docker, Python, C# .NET, JavaScript, node.js, Java
1w
Save
Mark Applied
Hide
Staff+ Application Security Engineer - M&A
San Francisco or Seattle or New York City
$320k-$485k/yr HybridFull Time
Anthropic
Anthropic: Developing safe and reliable artificial intelligence systems.
Hands-on application and infrastructure security experience, production-quality coding in Python/Go/Rust/TypeScript, threat-modeling, vulnerability ID, clear communication, and ability to assess unfamiliar codebases under time pressure.
Python, Go, Rust, TypeScript, Claude, SAST, DAST, LLMs, bug bounty
1mo
Save
Mark Applied
Hide
Staff Application Security Engineer
San Francisco or New York City or Pittsburgh
$228k-$290k/yr HybridFull Time
Abridge
Abridge: Automates medical documentation through AI-powered speech analysis
10+ YOE10+ years in application security, expertise in threat modeling, secure code review, vulnerability management, incident response, programming (Python, NextJS), cloud security (GCP), Kubernetes, and AI/ML security; strong communication and leadership skills.
Python, NextJS, GCP, Kubernetes
2mo
Save
Mark Applied
Hide
AI Application Security Engineer
San Francisco, California, United States
HybridFull Time
Brain Co.
Brain Co.: Builds AI software platforms for governments and large enterprises.
5+ YOE5+ years in application or product security; hands-on security tooling and coding; strong knowledge of application security fundamentals; experience with AI-enabled security.
Python, Go, TypeScript, SAST/DAST tooling
1mo
Save
Mark Applied
Hide
Senior Application Security Engineer
San Jose, California, United States
$100k-$150k/yr HybridFull Time
Credo Semiconductor
Credo SemiconductorNASDAQ: CRDO: Designing high-speed semiconductor connectivity solutions for data infrastructure.
5+ YOE5+ years application/product security; 3+ years Secure SDLC leadership; expertise in secure coding, threat modeling, code review, vulnerability management; proficiency in C, C++, Python; DevSecOps and CI/CD automation.
C, C++, Python, GitHub, GitLab, CI/CD, SAST, DAST, SCA, Secrets Scanning, Container Security, PILOT, AWS, Azure, GCP, STRIDE, NIST SSDF, NIST CSF, CIS Controls, ISO 27001

Explore Jobs

Expand Your Job Search