Full Stack Security Engineer (Application & Product)

Runpod

2h ago 0 views 0 applications
Full-time Remote
Remote - USA
Competitive
Full-time
Security Engineer

Job Description

Full Stack Security Enginee

Runpod is at the forefront of the AI revolution, empowering over a million developers – from independent researchers to teams deploying frontier models – to experiment, train, fine-tune, and scale AI on a single, powerful platform. Having processed over 20 billion inference requests and recently securing a $100M Series A, we are rapidly shaping the future of AI infrastructure. Join us as we build the platform the next generation of developers will depend on.

We're a small, remote-first team where ownership is paramount, speed is essential, and every contribution directly impacts a million-strong developer community. We're seeking individuals who are passionate, driven by urgency, and eager to make a significant impact at scale.

Learn more about our vision in our CEO's funding announcement: https://www.runpod.io/blog/one-million-developers.

The Opportunity: Secure the AI Developer Cloud
As RunPod continues to revolutionize the GPU cloud computing landscape, we are seeking a proactive and skilled Full Stack Security Engineer. This critical role is your chance to embed security directly into the heart of our platform, protecting our customer-facing products, APIs, and internal services. You will be instrumental in safeguarding user data, critical billing systems, and web interfaces, enabling Runpod's continued exponential growth.

We're looking for an AppSec professional who champions Integrated Security. This isn't about tossing PDF reports over the fence – it's about hands-on security engineering. You'll leverage strong software development abilities and deep expertise in application security, DevSecOps, and modern web architectures to ensure our product is secure by design. You will write code to fix vulnerabilities, engineer automated security guardrails into our CI/CD pipelines, and cultivate a robust security-first culture across our engineering teams.

What You'll Do:

Product Security Leadership: Lead comprehensive threat modeling, architecture reviews, and code reviews across our web applications, APIs, and microservices.
Hands-On Vulnerability Remediation: Actively develop and commit code to directly address security flaws within our Python, Go, and JavaScript/TypeScript codebases, collaborating closely with development teams.
DevSecOps Automation: Design, implement, tune, and manage cutting-edge security testing tools (SAST, DAST, SCA) within our CI/CD pipelines, catching vulnerabilities early in the Software Development Lifecycle.
Edge & Application Defense: Configure, optimize, and manage critical application-layer security controls, including Web Application Firewalls (WAF), advanced bot protection systems, and API gateways.
Security Championing: Serve as a trusted security advisor, providing expert guidance, secure coding training, and standard operating procedures to empower development teams.
Compliance & Operations: Collaborate with our operations team to ensure product-level adherence to relevant security frameworks (e.g., SOC 2, ISO 27001, GDPR) and actively participate in bug bounty program triage.

What You'll Bring:

5+ years of dedicated experience in application security, product security, or as a software engineer with a significant security focus.
Demonstrated strong programming and code-review skills in languages such as Python, Go, JavaScript/TypeScript, or similar modern stacks.
Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and modern authentication flows (OAuth, OIDC, JWT).
Hands-on experience with offensive web security testing tools (e.g., Burp Suite, ZAP).
Proven ability to build and maintain robust automated security pipelines (DevSecOps).
Exceptional skill in translating complex security risks into clear, actionable engineering tasks.

Bonus Points For:

Relevant application security certifications (e.g., OSWE, GWAPT, CISSP).
Experience securing cloud-native applications running on Kubernetes/Docker environments.
Background in managing bug bounty programs or coordinated vulnerability disclosures.

Why Join Runpod?
We believe in rewarding talent and impact. Here’s what you’ll receive:

Competitive Compensation: The base pay for this position ranges from ($152,000 - $175,000). This range accounts for various career levels at Runpod and will be refined during the interview process based on experience, qualifications, and location.
Meaningful Equity: Everyone on the team receives stock options. Your impact drives our growth, and you share in the upside.
Comprehensive Benefits: Generous medical, dental & vision plans to keep you and your family healthy.
Flexible PTO: Take the time you need to recharge and maintain work-life balance.
Remote-First Culture: Most roles are remote-first, fostering an inclusive, collaborative team environment with Slack as our main internal communication hub.
Impactful Work: Join a passionate team on the cutting edge of AI infrastructure – where culture, learning, and ownership are at the heart of how we scale.
Home Office Support: Receive a $1,200 Home Office & Equipment Stipend to set you up for success from day one.

Runpod is committed to maintaining a workplace free from discrimination and upholding the principles of equality and respect for all individuals. We believe that diversity in all its forms enhances our team. As an equal opportunity employer, Runpod is committed to creating an inclusive workforce at every level. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, protected veteran status, disability status, or any other characteristic protected by law. We welcome every qualified candidate eligible to work in the United States; however, we are currently unable to sponsor employment visas.

CyberJob.app

Your trusted source for cybersecurity job opportunities worldwide.


© 2026 CyberJob.app. All rights reserved.