Sr. Application Security Engineer

Material Security is a security company focused on high application security standards. They are seeking a Senior AppSec Engineer who will lead the security strategy and collaborate closely with engineering to enhance product safety while building internal tools.

Responsibilities:

• Lead AppSec Strategy: Own the end-to-end security of the Material application, from design and threat modeling to deployment
• Vulnerability Management: Secure our dependency supply chain while working directly with engineering
• Build Security Tooling: Develop internal automation to detect and block abuse patterns and streamline security workflows (e.g., JIT access, dependency scanning)
• Code & Architecture Review: Perform deep-dive security audits and code reviews for new and existing product features
• Infrastructure Security: Partner with the infrastructure team to harden our Kubernetes deployments and cloud environments (GCP)

Requirements:

• 5+ years of experience in application security, including significant time spent writing and reviewing code
• Comfortable contributing directly to the codebase
• Strong understanding of Kubernetes security
• A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit
• The ability to balance security risks with business velocity
• A willingness to jump into areas adjacent to traditional AppSec—e.g data analysis in BigQuery or learning about protecting against prompt injection
• Proficiency in more than one major coding language. Preferably (but not required), that set would include Javascript/Typescript
• Practical experience securing cloud environments (GCP preferred)