Senior AppSec Engineer - Build Security from the Ground Up!
Senior AppSec Engineer - Build Security from the Ground Up!
At Material Security, our mission is to secure the world's most sensitive data. As a security company, the bar for our *own* application security is exceptionally high. We aren't just looking for someone to identify vulnerabilities; we need a "builder" – an architect of robust, resilient systems who will write code to eliminate entire classes of bugs before they even emerge.
This is a high-autonomy role where you'll have significant influence in shaping our security culture. You'll partner directly with engineering teams, ensuring our products and systems are built securely by design. Your expertise will be crucial in developing innovative internal tools that empower our engineers to move with speed and agility, without ever compromising safety. If you thrive on deep dives into complex codebases and building scalable security infrastructure, we want to talk to you.
What You'll Do: Lead AppSec Strategy: Own the end-to-end security lifecycle of the Material application, from initial design and proactive threat modeling through to secure deployment. Who You Are & What You'll Bring: Application Security Expert: 5+ years of dedicated experience in application security, including substantial hands-on time writing and reviewing code. Our Workplace & Perks: Compensation: By clicking "Apply for this Job," you acknowledge that you have read the California Candidate Privacy Notice Regarding Use of Personal Information and hereby agree to its terms. Equal Opportunity Employer:
Strengthen Vulnerability Management: Safeguard our dependency supply chain, collaborating closely with engineering teams to mitigate risks.
Engineer Security Tooling: Design and develop powerful internal automation to detect and block abuse patterns, streamlining critical security workflows such as Just-In-Time (JIT) access and continuous dependency scanning.
Conduct Deep Security Audits: Perform comprehensive security audits and meticulous code reviews for both new features and existing product components.
Harden Infrastructure: Partner with our infrastructure team to fortify our Kubernetes deployments and secure our critical cloud environments (GCP).
Proficient Software Engineer: Demonstrated proficiency in more than one major coding language. While not strictly required, experience with Javascript/Typescript is a plus. You'll be comfortable contributing directly to our codebase.
Cloud & Container Security Specialist: Practical, hands-on experience securing cloud environments (GCP preferred) coupled with a strong, foundational understanding of Kubernetes security best practices.
Systems Thinker: A deep grasp of identity and access management principles (SAML, OAuth, IAM) and proven strategies for protecting sensitive data both at rest and in transit.
Pragmatic Problem Solver: The ability to adeptly balance security risks with business velocity, proposing creative and effective "middle ground" solutions that significantly reduce risk without impeding progress.
Versatile Learner: Eagerness to explore and contribute to areas adjacent to traditional AppSec, such as data analysis in BigQuery or staying ahead of emerging threats like prompt injection, to achieve project goals.
Material Security operates as a remote-first company, complemented by a vibrant office in San Francisco, California.
We believe in transparent compensation. The projected compensation range for this position is $190,000 - $235,000. Actual compensation is determined by a range of factors, including the individual’s unique combination of knowledge, skills, competencies, and experience.
Material Security is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, creed, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability, genetic information, or any other legally protected status. All employment decisions are based on qualifications, merit, and business needs.