Sr. Application Security Engineer

AI overview

Shape application security strategy and build tools to enhance safety while partnering with engineering teams for secure product development.

Material Security is a security company, which means the bar for our own application security is exceptionally high. We are looking for a Senior AppSec Engineer who is a "builder" first. You won't just be pointing out vulnerabilities; you will be writing code to eliminate entire classes of bugs.

In this role, you will have a high degree of autonomy to shape our security culture. You’ll spend your time partnering with engineering to ensure we’re building products and systems the right way and building internal tools that make it easier for our engineers to move fast without sacrificing safety. If you enjoy diving deep into complex codebases and building infrastructure that scales security, we want to talk to you.

Responsibilities

  • Lead AppSec Strategy: Own the end-to-end security of the Material application, from design and threat modeling to deployment.

  • Vulnerability Management: Secure our dependency supply chain while working directly with engineering.

  • Build Security Tooling: Develop internal automation to detect and block abuse patterns and streamline security workflows (e.g., JIT access, dependency scanning).

  • Code & Architecture Review: Perform deep-dive security audits and code reviews for new and existing product features.

  • Infrastructure Security: Partner with the infrastructure team to harden our Kubernetes deployments and cloud environments (GCP).

What We’re Looking For

  • Technical Depth: 5+ years of experience in application security, including significant time spent writing and reviewing code.

  • Software Engineering Skills: Proficiency in more than one major coding language. Preferably (but not required), that set would include JavaScript/TypeScript. You should be comfortable contributing directly to the codebase.

  • Cloud & Containers: Practical experience securing cloud environments (GCP preferred) and a strong understanding of Kubernetes security.

  • Systems Thinking: A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.

  • Pragmatism: The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.

  • Versatility: A willingness to jump into areas adjacent to traditional AppSec—e.g., data analysis in BigQuery or learning about protecting against prompt injection—to get the job done.

Material Security is a remote-first workplace with an office in San Francisco, California.


By clicking "Apply for this Job", you acknowledge that you have read the California Candidate Privacy Notice Regarding Use of Personal Information and hereby agree to its terms.

Compensation at Material Security is determined by a range of factors, including but not limited to the individual’s particular combination of knowledge, skills, competencies, and experience. The projected compensation range for this position is $170,000-220,000.

Equal Opportunity Employer Statement

Material Security is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate on the basis of race, color, religion, creed, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, marital status, veteran status, disability, genetic information, or any other legally protected status. All employment decisions are based on qualifications, merit, and business needs.
