About the role

Senior Application Security Engineer at Unit21 protecting platform and customer data through secure coding practices. Building automated security controls and mentoring product engineers to enhance security.

Responsibilities

Design, code, and deploy automated security controls, services, and frameworks to prevent vulnerabilities at scale.
Build, own, and operate the tools and infrastructure for our application security program, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning solutions.
Perform hands-on threat modeling, security architecture reviews, and in-depth code reviews (Python/TypeScript) for new products and critical features to ensure they are secure by design.
Conduct penetration tests and vulnerability assessments against our applications and APIs to proactively identify and remediate security weaknesses.
Develop custom tools and automation to streamline security operations and enhance our detection and response capabilities.
Act as a key member of our incident response team during security events.
Mentor and educate product engineers on secure coding best practices, acting as a subject matter expert and fostering a culture of security ownership.

4+ years of hands-on experience in a software engineering or application security role, with a proven track record of shipping code and building security solutions.
Demonstrated history of successful cross-organizational efforts and the ability to drive complex technical projects to completion.
Expert-level proficiency in Python, including experience building security tools, automation scripts, or backend services.
Professional experience with Go or TypeScript is a significant plus.
Deep, hands-on knowledge of common application vulnerabilities, such as the OWASP Top 10, and their mitigation techniques.
Proven experience integrating, fine-tuning, and operating security tools (e.g., SAST, DAST, SCA) within developer workflows.
Experience conducting manual penetration tests and vulnerability assessments on web applications and APIs.
Previous experience implementing protections for Generative AI systems is a significant plus.
Hands-on experience securing public cloud environments (AWS or GCP).
Basic proficiency with Infrastructure as Code (e.g., Terraform) and containerization technologies (e.g., Docker, ECS, or Kubernetes), including best practices for securing them.

Competitive salary and pre-IPO stock options
100% company-paid medical, dental and vision insurance (for employee)
Optional HSA and FSA medical reimbursement accounts
Unlimited paid time off
Generous leave programs for life events
401(k)
Charity matching
Annual Learning & Development stipend
One-time Home office set-up stipend
Commuter benefits
Wellness Bundle: One Medical, Headspace, Gympass and Carrot Fertility
Happy hours and team-building events
Great office space in the San Francisco Financial District
Fully stocked kitchen
Lunch and dinner provided in SF office at least 3x per week
A great company culture with a strong emphasis on diversity, equity and inclusion