NinjaTrader is an industry-leading trading platform and futures broker dedicated to empowering traders. They are seeking a Staff Security Engineer, Application Security to scale and mature their security program, ensuring systems are secure by design and integrating security into engineering workflows.
Responsibilities:
- Own key security domains such as vulnerability management, application security, API security, and supply chain security
- Drive improvements in security coverage, prioritization, and remediation workflows
- Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows
- Provide actionable, pragmatic guidance that helps teams ship securely
- Develop and improve security tooling and automation to reduce manual effort
- Implement and tune tools for SAST, SCA, DAST, dependency security, and container security
- Leverage AI/LLMs where appropriate to improve triage, detection, and review processes
- Triage and prioritize vulnerabilities using risk-based approaches
- Partner with teams to ensure timely remediation of critical issues
- Help define and improve SLAs, metrics, and reporting
- Conduct threat modeling, design reviews, and security assessments
- Contribute to incident response and postmortems for security events
- Identify and help remediate systemic risks
Requirements:
- 7+ years of experience in Application Security, Product Security, or Security Engineering
- Strong hands-on experience with threat modeling and secure design
- Experience with vulnerability management and application security tooling
- Experience working in cloud-native environments such as AWS and GCP
- Experience integrating security into CI/CD pipelines and developer workflows
- Ability to write code in Python, Go, or similar languages for automation and tooling
- Strong ability to work cross-functionally with engineering teams
- Experience scaling security in a high-growth or late-stage startup
- Familiarity with AI-driven security workflows or automation
- Background in API security, data protection, or multi-tenant systems
- Experience with bug bounty programs and penetration testing
- Security certifications such as CISSP