Homebase is a company that focuses on helping small businesses thrive by providing an everything app for hourly teams. They are seeking a hands-on Staff Security Engineer to lead and shape the Application Security domain, defining the strategy and architectural direction to secure their products while addressing security challenges related to AI-powered features.
Responsibilities:
- Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs
- Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production
- Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform
- Drive security and product trade-off decisions at the architectural level, balancing protection with velocity
- Influence company-wide engineering practices and security investments through data-driven recommendations
- Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations
- Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity
- Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness
- Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure
- Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance
- Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale
- Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio
- Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements
- Embed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentation
- Partner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posture
- Pioneer a security partnership program, mentoring engineers across the organization and driving a culture of shared security ownership
- Provide expert guidance during security incidents and lead post-incident analysis to drive systemic improvements
- Curate and author security guidance, patterns, and training content that raises the security bar organization-wide
- Influence security decisions at the department and company level; shape how Homebase invests in security capabilities
Requirements:
- 10+ years of progressive experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal level
- Deep software engineering experience in production environments; you write code, build tools, and think like an engineer first
- A proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scale
- Hands-on experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructure
- Strong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practices
- Proficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and Rails
- Experience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelines
- Exceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholders
- Demonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivity
- Experience defining application security strategy and maturity roadmaps for a high-growth, product-driven company
- A background in building AI-powered security tools or detection systems
- Speaking experience at security conferences, meetups, or community events
- Experience with threat modeling frameworks adapted for AI/ML systems