Principal Security Engineer, Application Security (Remote - North America)

This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Security Engineer, Application Security in North America.

In this role, you will lead advanced application security initiatives, ensuring software is secure throughout its lifecycle. You will collaborate closely with engineering and product teams to anticipate, detect, and remediate vulnerabilities, while establishing secure development practices and guiding security architecture. Your work will include vulnerability research, threat modeling, and influencing technical decisions across multiple teams. This position offers the opportunity to drive strategic security solutions, mentor junior engineers, and shape the long-term security posture of high-impact software platforms. You will contribute directly to improving system resilience, protecting customer data, and enabling secure, scalable software delivery. The environment is remote-friendly, highly collaborative, and centered on innovation, knowledge sharing, and measurable impact.

Accountabilities:

• Lead the resolution of systemic vulnerabilities and define mitigations across the software platform.
• Conduct complex application security reviews and threat modeling to identify risks.
• Perform vulnerability research, including proof-of-concept exploitation in controlled environments.
• Establish secure development practices, standards, and Paved Roads to guide engineering teams.
• Provide technical leadership during security incidents and crisis response situations.
• Contribute to long-term security architecture, strategic product design, and secure software delivery practices.
• Mentor and support the development of junior security engineers.

• Bachelor’s degree or equivalent in Computer Science, Software Engineering, or related technical field (including technical bootcamps).
• 8+ years of professional experience in Application Security or Vulnerability Research.
• Expert knowledge of application security concepts, including OWASP Top 10, STRIDE, CVSS scoring, and threat modeling.
• Proficiency in programming languages such as Ruby, Ruby on Rails, Go, TypeScript, and familiarity with GraphQL APIs.
• Experience with security practices: code review, threat modeling, static/dynamic analysis (SAST/DAST), application penetration testing, and bug bounty programs.
• Strong understanding of CI/CD pipeline security, supply chain security, and API security.
• Ability to identify and remediate web vulnerabilities (SQLi, XSS, CSRF, SSRF, authentication/authorization flaws).
• Effective communication skills for both technical and non-technical audiences; fluent in English (written and verbal).
• Demonstrated ability to influence security decisions at executive and senior leadership levels.
• Critical and creative thinking, with flexibility to navigate ambiguity and drive results.

• Fully remote and asynchronous work environment.
• Flexible Paid Time Off and home office support.
• Health, financial, and well-being benefits.
• Team Member Resource Groups and inclusive culture.
• Equity compensation and Employee Stock Purchase Plan.
• Growth and development budget, including learning opportunities.
• Parental leave and other supportive workplace policies.

Jobgether is a Talent Matching Platform that partners with companies worldwide to efficiently connect top talent with the right opportunities through AI-driven job matching.

When you apply, your profile goes through our AI-powered screening process designed to identify top talent efficiently and fairly.
🔍 Our AI evaluates your CV and LinkedIn profile thoroughly, analyzing your skills, experience, and achievements.
📊 It compares your profile to the job’s core requirements and past success factors to determine your match score.
🎯 Based on this analysis, we automatically shortlist the 3 candidates with the highest match to the role.
🧠 When necessary, our human team may perform an additional manual review to ensure no strong profile is missed.

The process is transparent, skills-based, and free of bias — focusing solely on your fit for the role. Once the shortlist is completed, we share it directly with the company that owns the job opening. The final decision and next steps (such as interviews or additional assessments) are then made by their internal hiring team.

Thank you for your interest!

#LI-CL1