Key skills
AWSCloudMicroservicesRubyRuby on RailsSDLCGoGolangRailsCI/CDLeadershipMentoringCommunicationOWASP
About this role
Role Overview
- Lead the Application Security team, including hiring, mentoring, and performance management.
- Define and execute the Application Security roadmap aligned with business priorities and regulatory obligations (e.g., PCI, SOC 2).
- Partner closely with Engineering, Product, QA, Infrastructure, and DevOps leadership to embed security early in the SDLC.
- Oversee security design reviews and code security reviews across: Go-based microservices, Ruby-based monolith applications
- Provide technical guidance on secure architecture decisions in a cloud-first (AWS) environment.
- Own and continuously improve the organization’s threat modeling framework and ensure it’s embedded in new feature development and architectural changes.
- Ensure SAST and SCA tooling is integrated into CI/CD and appropriately tuned to reduce false positives.
- Drive meaningful reporting dashboards for Development and Engineering leadership.
- Establish and operationalize a risk-based vulnerability prioritization framework and scoring rubric aligned with OWASP guidance and applicable industry standards.
- Act as a trusted advisor to Engineering leadership and influence architectural decisions that reduce systemic risk.
Requirements
- 8+ years of experience in Application Security or Secure Software Engineering
- 3+ years leading or managing technical security teams
- Strong hands-on experience with: Ruby (Rails) application security, Go (Golang) application security
- Deep knowledge of: Secure SDLC practices, Threat modeling methodologies (e.g., STRIDE, attack trees), SAST and SCA tools and rule tuning, OWASP Top 10 and API Security Top 10
- Experience integrating security tools into CI/CD pipelines.
- Familiarity with cloud-native application security in AWS environments.
- Strong understanding of microservices security patterns (service-to-service auth, token handling, API gateways, etc.).
- Strong communicator capable of influencing senior engineering leaders.
Tech Stack
- AWS
- Cloud
- Microservices
- Ruby
- Ruby on Rails
- SDLC
- Go
Benefits
- Competitive salary and benefits with growth-company options grant
- Fast-paced and professional work culture
- Stock options with standard startup vesting
- 1 year cliff; 4 years total
- $50 monthly communication expense stipend to go towards your phone/internet bill
- $250 stipend to enhance your WFH setup
- Reimbursement for peripheral equipment: monitor (up to $400), keyboard and mouse (up to $200)
- Premium medical benefits including vision and dental (100% coverage for employees)
- Company-sponsored life and disability insurance
- Paid parental bonding leave
- Paid sick leave, jury duty, bereavement
- 401k plan
- Flexible Time Off (our team members typically take off ~3-4 weeks per year)
- Volunteer Time Off
- 13 scheduled holidays