Staff Security Engineer, Application Security
Canada
Full Time
2 hours ago
No H1B
Key skills
AWSCloudPythonReactRubyRuby on RailsAIMLLLMRailsCI/CDMentoringOKRs
About this role
Role Overview
- Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs.
- Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production.
- Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform.
- Drive security and product trade-off decisions at the architectural level, balancing protection with velocity.
- Influence company-wide engineering practices and security investments through data-driven recommendations.
- Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations.
- Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity.
- Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness.
- Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure.
- Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance.
- Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale.
- Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio.
- Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements.
- Embed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentation.
- Partner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posture.
- Pioneer a security partnership program, mentoring engineers across the organization, and driving a culture of shared security ownership.
- Provide expert guidance during security incidents and lead post-incident analysis to drive systemic improvements.
- Curate and author security guidance, patterns, and training content that raises the security bar organization-wide.
- Influence security decisions at the department and company level; shape how Homebase invests in security capabilities.
Requirements
- 10+ years of progressive experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal level.
- Deep software engineering experience in production environments, you write code, build tools, and think like an engineer first.
- A proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scale.
- Hands-on experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructure.
- Strong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practices.
- Proficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and Rails.
- Experience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelines.
- Exceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholders.
- Demonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivity.
Tech Stack
- AWS
- Cloud
- Python
- React
- Ruby
- Ruby on Rails
Benefits
- 💰 Ownership & Savings: Stock options + TFSA/RRSP with 4% company match
- 🏥 Health & Wellness: Comprehensive medical, dental, and vision for you and your dependents
- ⏰ Time Flexibility: Flex time off + company holidays + designated focus periods
- 👶 Family Support: Maternity/Parental Leave EI top-up support offered (after 6 months of service)
- 🌟 Work Your Way: Work From Anywhere Month + meeting-free weeks yearly
- 🛡️ Protection Plans: Life insurance + short/long-term disability coverage
- 🍽️ Workspace Perks: Meals provided, team offsites, and Customer Days