Staff Application Security Engineer
Keeper Security is hiring a Staff Application Security Engineer to lead and advance our in-house application security program. This role combines deep technical expertise with strategic influence. You will define, execute, and scale Keeper’s application security initiatives across our globally distributed platform. This is a 100% remote position with an opportunity to work a hybrid schedule for candidates based in the El Dorado Hills, CA or Chicago, IL metro area!
Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 21 languages and is sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and help secure our industry-leading platform.
About Keeper
Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.
About the Role
The Staff Application Security Engineer will be responsible for leading Keeper’s application security program and embedding security into every phase of the SDLC. This hands-on leadership role will include internal penetration testing, secure design reviews, bug bounty management, and security research to identify and mitigate emerging threats. You will work directly with the CTO, partner with third-party security experts, and collaborate with development teams to proactively reduce risk, strengthen defenses, and scale Keeper’s security posture globally.
Responsibilities
- Define and drive Keeper’s application security strategy, ensuring alignment with business and engineering goals
- Lead internal penetration testing and advanced security assessments for Java- and React-based applications
- Conduct architecture reviews and threat modeling for high-impact features and services
- Own and manage Keeper’s bug bounty program, including triage, validation, and developer enablement
- Partner with engineering teams to embed secure coding practices, provide remediation guidance, and influence the SDLC
- Collaborate with third-party penetration testing partners and validate findings at scale
- Develop, enhance, and automate application security tooling, scripts, and workflows
- Conduct forward-looking security research to identify emerging threats and inform proactive defenses
- Mentor and guide engineers across the organization in secure design and implementation
- Provide executive-level reporting and clear communication of vulnerabilities, risks, and mitigations
- 10+ years of combined experience in software engineering and security roles, with at least 5+ years focused on application security
- Deep expertise in web application security, secure architecture design, and the OWASP Top 10
- Strong proficiency in penetration testing, code review, and security assessment of Java and React applications
- Proven ability to lead security initiatives across multiple engineering teams and influence secure development at scale
- Hands-on experience managing bug bounty programs (HackerOne, Bugcrowd, etc.)
- Proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, or similar
- Strong programming and scripting skills (Java, JavaScript/React, Python, Bash, or equivalent)
- Excellent communication skills, with the ability to translate technical risk into business context for leadership
Preferred Qualifications
- Offensive Security certifications (OSCP, OSWE, or equivalent)
- Experience integrating security into CI/CD pipelines and cloud-native environments
- Background in vulnerability research, exploit development, or advanced security R&D
- Track record of publishing or presenting security research at conferences or industry forums
- Medical, Dental & Vision (Inclusive of domestic partnerships)
- Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
- Voluntary Short/Long Term Disability Insurance
- 401k (Roth/Traditional)
- A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
- Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Classification: Exempt
Average salary estimate
If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.
Ironclad is looking for a Senior Site Reliability Engineer to design and operate a resilient, secure, and scalable cloud platform that empowers product teams and accelerates contract lifecycle management.
Lead a remote US engineering team to design, build, and scale high-throughput fiat rails and banking integrations for a fast-growing fintech platform.
Experienced backend engineer needed to lead development of scalable APIs and services for a cutting-edge investor identity platform in a remote-first company.
Lead the design and implementation of authentication and authorization services for an award-winning online banking platform as a Senior Back-End C# Engineer on the Auth team.
PointClickCare is hiring an Intermediate Software Engineer (React/Java) to build scalable, cloud-based healthcare applications as part of a cross-functional Agile team.
Senior Software Technical Lead to architect, implement, and maintain secure Java-based microservices on a greenfield project with in-person work required in Sterling, VA or Aurora, CO.
A remote-friendly healthcare tech company is hiring a Staff Engineer to lead complex full-stack engineering efforts, adopt AI/automation tools, and shape long-term technical strategy.
Booz Allen is hiring a Senior Full Stack Software and Data Engineer to develop end-to-end software and data solutions for classified government programs.
Lead architecture and development for a widely used, cloud-based event management platform as a fully-remote Senior Software Developer in the United States.
Siena is hiring a Product Engineer to build full-stack AI-driven agent capabilities, shape evaluation systems, and deliver integrations that redefine customer experience and e-commerce.
Benchling is looking for a Backend Software Engineer on the Developer Platform team to build scalable APIs, event systems, and agent integrations that empower biotech developers and partners.
Lead the frontend architecture and delivery of Medical Guardian’s unified, multilingual web and mobile platform as Principal Frontend App Developer, driving component standards, CMS integrations, and cross-team execution.
FloQast is hiring a hybrid-based Technical Lead Manager to drive platform architecture and lead a small engineering team while remaining a hands-on contributor.
Established in 2011, Keeper Security is the creator of the leading cybersecurity platform for preventing password-related data breaches and cyberthreats. The company is headquartered out of Chicago, IL.
20 jobs
🔮
Hi, I'm Risa! Your AI Career Copilot
you, just ask me below!
