hims & hers
hims & hers offers a modern approach to health and wellness.
Senior Application Security Engineer
Application Engineer | Full Time | Remote | Team 201-500 | Since 2017 | H1B No Sponsor
Location: United States
Posted: 47 days ago
Salary: $145K - $175K / year
Bachelor Degree | 5 yrs exp | English | Cyber Security | Docker | GraphQL | Kubernetes | Terraform
Job Description
• Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications
• Perform code reviews and provide secure coding guidance to development teams
• Implement and maintain GitHub Advanced Security, including secret scanning and code scanning
• Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform
• Evaluate container security in our Docker and Kubernetes environments
• Support CI/CD security integration and automation
• Conduct penetration testing and red team/purple team exercises on applications
• Review and secure API implementations, with focus on GraphQL security
• Evaluate AI/ML model security and implement protections against prompt injection and other AI-specific threats
• Collaborate with the Staff AppSec Engineer on CIAM and advanced AI security initiatives
• Maintain security documentation and contribute to security awareness training
Job Requirements
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field
- 5-8 years of experience in application security or related security field
- Hands-on coding experience and ability to review code in multiple languages
- Professional experience with SAST tools (e.g., SonarQube, Checkmarx, Fortify)
- Professional experience with DAST tools (e.g., Burp Suite, OWASP ZAP)
- Professional experience with SCA tools (e.g., Snyk, Black Duck, WhiteSource)
- Experience with GitHub Advanced Security features
- Container security scanning and IaC security scanning tools experience
- Strong understanding of OWASP Top 10 and secure coding practices
- Experience with penetration testing methodologies
- Knowledge of security frameworks: NIST CSF, NIST 800-53, SOC 2, PCI DSS
- Excellent communication skills to articulate security findings to technical and non-technical stakeholders.
Benefits
- Competitive salary & equity compensation for full-time roles
- Unlimited PTO, company holidays, and quarterly mental health days
- Comprehensive health benefits including medical, dental & vision, and parental leave
- Employee Stock Purchase Program (ESPP)
- 401k benefits with employer matching contribution
- Offsite team retreats