Tango is a company focused on helping businesses make smarter decisions through technology and data. They are seeking a Staff Application Security Engineer who will uncover vulnerabilities, fix them in application and infrastructure codebases, and collaborate with product and engineering teams to champion secure design and automate developer workflows.
Responsibilities:
- Perform hands-on security work across the stack: code reviews, threat modeling, vulnerability hunting, and remediation in production services
- Own end-to-end remediation for complex findings: from exploit proof-of-concept to code-level fixes and automated CI checks
- Build and maintain developer-first security tools, automation, and self-service capabilities (SAST rules, IaC scanning, dependency/OSS policies, CI/CD gates)
- Lead threat modeling sessions and secure design reviews for new product initiatives and platform changes
- Collaborate with SRE and Platform teams to harden runtimes, secrets management, identity, and authentication flows
- Mentor and coach engineers on secure coding, secure-by-default patterns, and incident learnings
- Contribute to security metrics and visibility (vulnerability backlog, mean time to remediate, coverage of automated tests)
Requirements:
- Applicants must be authorized to work in the U.S. for any employer
- 10+ years of software engineering and application security experience (or equivalent), with deep hands-on polyglot coding experience across at least two major languages (e.g., Java, Python, Go, JavaScript/TypeScript, C#)
- Demonstrated ability to both find security issues (offensive skills) and implement fixes across app and infra codebases (defensive skills)
- Experience building developer-friendly AppSec programs and integrating security tooling into CI/CD pipelines
- Familiarity with cloud platforms (AWS, GCP, Azure) and container/Kubernetes security practices
- Strong communication skills and experience mentoring engineers across multiple teams
- Comfort with threat modeling, secure design patterns, PKI/identity flows, OAuth/OIDC, and authentication hardening
- Experience working at scale in B2B SaaS environments; prior experience at developer-focused security companies or engineering-forward startups is a plus
- Bachelor's degree in computer science or a related field
- Open-source security contributions, published tooling, or participation in security communities
- Experience with program-level security metrics, vulnerability triage frameworks, and compliance programs (e.g., SOC2, FedRAMP context)