Senior Application Security Engineer

About The Position

Requirements

• 6+ years of experience in application security or product security roles.
• Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.
• Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms.
• Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).
• Proven ability to review system designs, data flows, and identify architectural security risks.
• Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective.
• Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection).
• Proficiency in one or more modern programming languages.

Nice To Haves

• Experience threat modeling or assessing AI-powered features and LLM integrations.
• Application-focused penetration testing or adversarial security testing experience.
• Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.
• Experience operating in regulated environments.
• Relevant security certifications (e.g., OSWE, GWAPT, CSSLP).

Responsibilities

• Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks.
• Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services.
• Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments.
• Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact.
• Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience.
• Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance.
• Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance.
• Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection).
• Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale.
• Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction.

Benefits

• Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer covered dental & vision plans for our team members and their families. We also offer a 401(k)-retirement plan, short & long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP)
• Equity - This position is eligible for equity compensation
• Training and Career Growth - Training and internal career growth opportunities
• Flexible Time Off - You know when and how you should recharge
• Little Hippos Program - We offer 12 weeks of parental leave for primary and secondary caregivers
• Hippo Habitat - Snacks and drinks available and catered lunches for onsite employees