20 appsec engineer jobs at 20 companies in Fairfield, CA
🚀PromotedHiringCafe
Founding Backend / Infra Engineer
Cupertino, CA, US
$160k-$300k/yrOn-SiteFull Time
HiringCafe: Building a 100× better job search engine to take on Indeed and LinkedIn.
Own the crawlers, pipelines, and infrastructure powering a real-time job search engine. Strong Node.js and Python fundamentals; bonus points for security and reverse-engineering chops.
Austin or Chicago or Denver or Los Angeles or San Diego or San Francisco or United States or Australia or New Zealand or Canada or United Kingdom or Philippines
$131k-$169k/yrHybridFull Time
Karbon: Practice management software for accounting firms.
4+ YOE4+ years security/development experience embedding AppSec in SDLC, cloud (Azure/AWS/GCP), SAST/SCA/DAST configuration, CI/CD security, code review, Python/PowerShell/Bash, and strong communication skills.
Boston or Chicago or Los Angeles or New York or San Francisco or Toronto or Vancouver or Vancouver
$145k-$175k/yrRemoteFull Time
Later: Provides software for social media scheduling and influencer marketing.
5+ YOE5+ years security engineering experience; strong application, cloud, and infrastructure security; SOC 2 and compliance experience; vulnerability management, IaC and CI/CD security; strong communication and software engineering skills.
OWASP, NIST, CIS Controls, SOC 2, ISO 27001, AWS Security Hub, Azure Security Center, GCP Security Command Center, SIEM, SOAR, Terraform, CloudFormation, C#, CI/CD
Merge: Unified API platform for connecting B2B software integrations.
3+ YOE3+ years security engineering with product/application focus; familiarity with OWASP, threat modeling, secure code review, SAST/DAST/SCA and CI/CD integration; able to read/write code; SaaS/API experience.
San Francisco or Toronto or United States or Canada
$180k-$260k/yrHybridFull Time
EvenUp: AI-powered document generation and analysis for personal injury law.
5+ YOE5+ years in security-focused engineering with hands-on architecture, SAST/DAST and CI/CD integration, cloud and application security, experience securing AI systems, strong scripting (Python) and relevant cybersecurity certification.
DoorDashNASDAQ: DASH: On-demand delivery platform connecting consumers with local merchants.
10+ YOE10+ years product security engineering experience; expertise in auth/authz, OWASP top 10, secure microservices, code reviews; hands-on in at least one OO language (Java or Golang); technical leadership and stakeholder management skills.
Corridor: Secures software codebases using AI-powered autonomous vulnerability detection.
5+ YOE5+ years in sales engineering or pre-sales, experience selling to security/AppSec or developer-tools buyers; strong technical demo/POV, and travel up to ~30%.
Git, CI/CD, IDEs, Code Review, Cursor, Claude Code, GitHub Copilot
Apollo Research: Developing technical evaluations to detect and mitigate AI scheming risks.
5+ YOE5+ years hands-on security experience; threat modeling, red‑teaming, and attack design for software/AI systems; application/cloud/product security; able to read code, evaluate infra and controls, and produce clear security artifacts.
United States or Canada or San Francisco or New York City or Seattle
$190k-$273k/yrRemoteFull Time
Apollo.io: AI-powered platform for B2B sales intelligence and outreach automation.
5+ YOE5+ years software engineering or application security experience; strong coding skills (Ruby, Python), Linux and GCP familiarity, deep AppSec/vulnerability management, pen-testing and SAST experience, AI security, and strong communication.
NexHealth: Connects patient experience software with electronic health records.
5+ YOE5+ years software engineering; 1–3+ years security; backend in Python/Go/Java; OAuth/JWT; AWS/Google Cloud; OWASP; SAST/DAST; RBAC; Bachelor's in CS/Engineering.
Vast.ai: Decentralized marketplace for GPU cloud computing resources.
Bachelor's in CS/cybersecurity, strong programming (Python or C), deep Linux and containerization knowledge, offensive and defensive security experience, familiarity with SOC 2/NIST, and security testing tools.
VisaNYSE: V: Global payment technology facilitating electronic funds transfers.
5+ YOE5+ years relevant experience with a Bachelor's (or alternate experience paths). Strong software development and scripting (Python, JavaScript/TypeScript, Java, Go, Bash, PowerShell), cloud, CI/CD, containerization, and cybersecurity experience; familiarity with AI-assisted development and vulnerability management.
San Francisco or Knoxville or New York City or Arizona or California or Colorado or Connecticut or Florida or Georgia or Illinois or Louisiana or Massachusetts or Minnesota or North Carolina or New Jersey or Nevada or New York or Ohio or Pennsylvania or South Carolina or Tennessee or Texas or Washington or Virginia or District of Columbia
$150k-$224k/yrRemoteFull Time
Verana Health: Curates real-world clinical data to accelerate medical research and insights.
5+ YOE5+ years backend development with Java and Spring Boot, experience with AWS, Docker, Kubernetes, CI/CD, TDD/JUnit, REST/microservices, observability (Datadog, CloudWatch, OpenTelemetry), mentoring skills, and experience with RDBMS, Elasticsearch and NoSQL.
Qualia: Cloud platform for digital real estate closing and settlement.
5+ YOE2+ Mgmt5+ years security or full-stack engineering; 2+ years managing security or platform team; hands-on AppSec; automation with AI/LLMs; fintech/real estate familiarity preferred.
Ivo: AI-powered contract review and intelligence platform for legal teams.
4+ YOE5+ years in application security; hands-on web pen testing; TypeScript/Node and Python; cloud security in GCP/Azure; manage pen tests; secure coding; strong communication.
Material Security: Protects sensitive data within cloud email and office platforms.
Proven IC-to-manager security engineering experience; deep technical fluency in Detection, AppSec, or InfraSec; strong operational discipline for on-call and incident response; ability to drive cross-functional security strategy.
Melbourne or Sydney or San Francisco or New York City
HybridFull Time
Blinq: A platform for creating and sharing digital business cards.
Tech-lead level backend/security experience with Node.js/TypeScript, cloud (GCP), infrastructure-as-code (Pulumi/Terraform), Datadog and EDR, SAST/DAST and dependency scanning, IAM/OAuth/SSO, SOC 2/ISO 27001/GDPR exposure, and experience leading security and incident response.
Washington or Los Angeles or Troy or New York or Houston or Chicago or Grand Rapids or Owings Mills or Baltimore or Columbia or Richmond or Memphis or Raleigh or Boston or San Jose or San Francisco or Austin or Kalamazoo or Spokane or Denver or Fort Worth or Atlanta or Orlando or Dallas or Wilmington or Phoenix or San Antonio or Milwaukee or Madison or McLean or Huntsville or Melville or Woodbridge or Stamford or Miami or Philadelphia or Charlotte or Greenville or West Palm Beach or Costa Mesa or St. Louis or Fort Lauderdale or Seattle or Rosemont or Pittsburgh or Tulsa or Cincinnati or Cleveland or Columbus or Akron or Cherry Hill or Tampa or Minneapolis or Anchorage or Salt Lake City or Norfolk or Jacksonville or Boulder or Nashville or Oak Brook or Las Vegas or Indianapolis or San Diego or Potomac or Walnut Creek or Daphne or Baton Rouge or Metairie or Grenada or Hattiesburg or Brentwood or Jackson or Miramar Beach or Tallahassee or Mobile
$151k-$193k/yrOnsiteFull Time
BDO USA: Provides accounting, tax, and business advisory services to organizations.
7+ YOEBachelor's in CS/IT/Cyber/Data Science required, 7+ years in enterprise architecture/security/governance or AI engineering, experience with Microsoft Azure AI platforms, AI risk assessments and governance frameworks, and leadership/mentoring experience.
Microsoft Azure, Azure AI, Azure OpenAI, Azure AI Foundry, LangChain, Semantic Kernal, NIST AI RMF, ISO 42001, ISO 27001, OWASP, SANS