Application Security Engineer

About Owner.com Owner is the AI growth system for local restaurants. Our AI continuously improves SEO, marketing, and online ordering to grow first-party orders. Unlike other companies that force small business owners to master their software to drive sales, Owner gives them a proven system run by experts. Owner is like having an army of engineers and marketers on your side, just like the big chains. Our vision We’re starting by helping independent restaurants succeed online. But it’s not just restaurants that need our help. Most local businesses are struggling with these same problems. Huge technology corporations are taking their customers, bleeding their profits, and making it hard for them to survive. Once we nail the solution for restaurants – we’ll scale it into every other local business type. In the future we envision, tens of millions of local business owners will use our technology to succeed in the digital age. Read our Series C memo here → Our traction Since 2020, we've generated tens of millions in revenue and processed over half a billion dollars of online orders. 1 in 5 Americans have used an Owner.com website. More importantly, we’ve helped over 20,000 restaurant owners, and saved them nearly $200 million in fees. Our team Our team is now in the low hundreds. We’ve got top talent from the most successful companies in SMB software, including: Shopify, HubSpot, DoorDash, ServiceTitan, Rappi, Faire and Stripe. We’ll be scaling even faster in 2026 to keep pace with our customer growth. Where we work Owner is a remote-first, global company headquartered in San Francisco, with a sales hub in Toronto. For a few of our roles we prioritize in-person collaboration at one of our office locations. Most of our teammates are distributed throughout the globe. Please review the role description and discuss with your recruiter for more details on location! 🔍 Why we’re looking for you We are seeking a highly skilled Application Security Engineer (AppSec Engineer). The AppSec Engineer will partner with engineering teams to conduct application security testing, remediation, and prevention across our entire product line. This role is critical to protecting and advancing Owner’s mission. This role is 100% remote and can be based anywhere in the United States or Canada, as well as Mexico or Colombia. 💥 The impact you will have

Secure Owner’s product line.

Enable teams to move fast without exposing Owner to unnecessary risk.

Protect our customers by helping prevent fraud and abuse across our products.

Make Owner’s development process more secure, efficient, and enjoyable.

🤝 Who you’ll work with

This role has company-wide impact and works cross-functionally across the organization, including:

Engineering teams

Customer Support teams

✅ What we’re looking for

Exceptional application security testing capabilities.

Conduct penetration testing for all applications, both existing and new developments.

Perform on-demand security testing for new and existing applications.

Conduct security code reviews in partner engineering teams and product teams.

Experience working with and testing startups in this capacity.

Triage reported vulnerabilities.

Bonus: Background in bug bounty programs and exploit development.

Experience writing feature-level, production-quality code using an object-oriented programming language.

Flexible, pragmatic problem-solving approach.

Strong written and verbal communication skills.

Deep sense of personal ownership and accountability.

Builder mentality.

Nice to Haves

Experience with B2C business models and their associated security considerations.

Experience with application-level alerting and detection.

Experience detecting and preventing fraud and abuse.

Experience with payment or financial security.

🏆 Pay and benefits

The estimated base salary for this role is in the local equivalent of $190,000 to $220,000 USD

Other benefits include comprehensive health coverage, remote-first work environment, unlimited PTO - plus extra fun perks!