
Application Security Engineer
Braintrust
2 days ago
Responsibilities
- Drive secure design across the platform by leading threat models and reviewing architecture proposals.
- Review code across TypeScript, Python, and Go services to identify vulnerabilities.
- Build secure libraries and frameworks, focusing on authn/authz and data isolation.
- Manage SAST, DAST, SCA, and secret-scanning tools to ensure high signal-to-noise.
- Run the vulnerability management program and address external bug bounty reports.
- Lead AI-specific security initiatives, including prompt injection defenses and data-exfiltration controls.
- Collaborate with open source maintainers on security for embedded libraries.
- Utilize automated workflows for code review and incident response.
Requirements
- 5+ years in application security, product security, or backend engineering with a security focus.
- Strong coding skills in at least two of TypeScript/Node.js, Python, Go, or Rust.
- Deep knowledge of web and API vulnerabilities and architectural prevention patterns.
- Experience building secure-by-default libraries or services that are widely adopted.
- Hands-on experience with authn/authz design and secrets management at scale.
- Familiarity with high-availability data platforms and real-time data ingestion.
- A clear understanding of AI/LLM security issues and experience defending against them.
- Excellent communication skills for documentation and team collaboration.
Benefits
- Medical, dental, and vision insurance.
- Daily lunch, snacks, and beverages.
- Flexible time off.
- Competitive salary and equity.
- AI Stipend.