Senior Application Security Engineer

4 weeks ago


San Francisco CA, United States Worldcoin.org Full time

About the Company:Worldcoin () is an open-source protocol, supported by a global community of developers, individuals, economists and technologists committed to expanding participation in, and access to, the global economy. Its community is united around core beliefs in the inherent worth and equality of every individual, the right to personal privacy, and open and public collaboration. These beliefs are reflected in what the community is building: a public utility to connect everyone to the global economy.The Worldcoin Foundation () is the protocol’s steward and will support and grow the Worldcoin community until it becomes self-sufficient.  Tools for Humanity ()  is a global hardware and software development company.  It helped launch Worldcoin and continues to provide support to the Foundation, in addition to operating the World App.This opportunity would be with Tools for Humanity.About the OrbWorldcoin's launch requires a "Proof-of-Personhood": a way to determine someone is human (not a bot) and hasn't already claimed their free share of Worldcoin. This is why we developed the Orb.The Orb is an advanced biometric imaging device, custom-designed for Worldcoin's launch. Orbs are deployed to a global network of operators, who use the device to onboard new Worldcoin users. During this onboarding, the Orb generates an encoding of each user's iris and submits it to Worldcoin's backend. For more details on how the Orb is part of Worldcoin's privacy-preserving approach to Proof-of-Personhood, see the Worldcoin whitepaper.The Orb solves a fierce combination of engineering and UX challenges, centered around image quality, security, and ease-of-use. Each device has an advanced iris imaging system, designed to work consistently across real-world lighting conditions. An additional suite of sensors feeds into an onboard fraud detection system, enabling use in unsecured environments. These systems are combined in a sleek industrial design with a simple, minimalist user interface.About the TeamFor Worldcoin to launch successfully on a global scale, we need to both ensure fairness and build trust with our users. Therefore, it is essential to prevent fraud, protect privacy, and ensure availability.Beyond regular company security the goal of security at Worldcoin is to deploy an edge device to unsecured environments. We consider a wide range of threats that span tampering with the device, spoofing the device as well as backend attacks. The cross-disciplinary nature of this team requires interfacing with various other teams across the company including Economics, AI, Backend and Orb Software. We are a small security team and you will have a huge impactAbout the OpportunityYou will:Perform security-focused code reviews and own the vulnerability management processSupport and consult with Worldcoin teams in the area of application security, including threat modeling and security reviewsGrow and develop the secure application design processAssist teams in reproducing, triaging, and addressing application security vulnerabilities discovered by internal tools and our bug bounty program.Grow and develop the bug bounty program.Assist in development of security processes and automated tooling that prevent classes of security issues.About You6+ years of technical experience with at least 3 years of experience leading efforts in ApplicationSecurity.Experience in Programming languages such as Python, Go, and RustExperience with Application Security Testing Tools such as SAST, DAST, IAST or SCA. Familiarity with OWASP Top 10 and other Secure Development Life Cycle practices.Familiarity with AWS architecture/ecosystem.Familiarity with API securityCode review experienceContainer security experienceExperience automating services/toolsExperience leading threat modeling sessions with developersNice to have: Application security architect and design experienceExperience as a Security Champion Experience with Kubernetes and AWS EKSFamiliarity with how containers work and how to secure containers.One or more of the following AWS certifications: AWS Certified Solutions Architect, AWS Certified Security - Specialty, AWS Certified DeveloperOne or more of the following certifications: CISSP, GWAPT, GPEN, CEH, CSSLP, and Sec+.By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.Pay transparency statement (for CA and NY based roles): The reasonably estimated salary for this role at TFH ranges from $236,000 - $323,000, plus a competitive long term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition,  TFH offers a wide range of best in class, comprehensive and inclusive employee benefits for this role including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend and much more



  • San Francisco, CA, United States Amazon Full time

    Do you thrive on the challenge of threat modeling and fortifying the defenses of AI/Gen AI and cloud systems? As a Senior Security Engineer (AppSec) on the AWS Gen AI security team, you will be entrusted with the security review and threat modeling of AWS Gen AI offerings. We conduct security reviews, penetration testing, build security automation, and...


  • San Francisco, United States Amazon Development Center U.S., Inc. Full time

    Go beyond protecting Amazon Web Services (AWS) and have a direct impact on new cutting-edge initiatives at Amazon. Work across multiple security domains as well as strategic security partnerships. Since 2006, our great team at AWS has been enabling our customers to bring great ideas to life in ways that aren’t possible in traditional IT environments. AWS...


  • San Francisco, CA, United States SmithRx Full time

    SmithRx is a dynamic and rapidly growing Healthcare Tech startup that is venture-backed with a charter to transform the healthcare industry through innovative technology solutions. We are committed to revolutionizing the way healthcare is delivered and experienced, making it more efficient, accessible, and patient-centric. Our mission is to disrupt the...


  • Los Angeles, CA, United States INTELLISWIFT INC Full time

    Job ID: 24-02366 Job Title: Senior Application Security Engineer Location: Woodland Hills, CA 91367 (Remote, southern CA preferred) Duration: 8 months Contract Type: W2 only Pay Rate: $105.17/Hour Scope Our team is looking for a Senior Application Security Engineer with extensive product security experience and deep expertise in...


  • San Francisco, CA, United States Caldera Full time

    Senior Infrastructure Engineer, Security We’re looking for an incredible senior engineer to help us build the future of blockchain scalability. This is an ideal opportunity for an engineer who is already passionate about tackling problems in blockchain scalability, or looking to break into the blockchain engineering space. If you’re looking to work...


  • San Francisco, CA, United States Anthropic Limited Full time

    Anthropic is working on frontier AI research that has the potential to transform how humans and machines interact. As we rapidly advance foundational LLMs, application security is paramount. In this role, you will apply security patterns built for high-risk environments to safeguard model weights as we scale new capabilities. Working closely with software...


  • San Francisco, CA, United States CloudFlare Full time

    Lisbon or Remote Portugal About the Department The Identity and Access Management (IAM) team is dedicated to ensuring the secure and efficient management of user identities, access privileges, and authentication mechanisms across all company systems, applications, and data. Our mission is to safeguard the organization against unauthorized access, protect...


  • San Francisco, United States OpenGov Full time

    OpenGov is home to an exceptional team - passionate about our mission to power more effective and accountable government. By bringing the OpenGov Cloud to our nation's state and local government, we're transforming communities so they can thrive! Imagine yourself being able to help small business owners open their doors faster, ensuring our tax dollars are...


  • San Francisco, CA, United States SmithRx Full time

    Who We Are: SmithRx is a dynamic and rapidly growing Healthcare Tech startup that is venture-backed with a charter to transform the healthcare industry through innovative technology solutions. We are committed to revolutionizing the way healthcare is delivered and experienced, making it more efficient, accessible, and patient-centric. Our dedicated team of...


  • San Francisco, CA, United States Arbitrum Full time

    Senior Infrastructure Engineer, Security We’re looking for an incredible senior engineer to help us build the future of blockchain scalability. This is an ideal opportunity for an engineer who is already passionate about tackling problems in blockchain scalability, or looking to break into the blockchain engineering space. If you’re looking to work in...


  • San Francisco, CA, United States Caldera Full time

    Senior Infrastructure Engineer, Security We're looking for an incredible senior engineer to help us build the future of blockchain scalability. This is an ideal opportunity for an engineer who is already passionate about tackling problems in blockchain scalability, or looking to break into the blockchain engineering space. If you're looking to...


  • San Francisco, CA, United States Primer Full time

    As a Senior Security Engineer you will be a key member of the Information Security team ensuring security across the company. You will help confirm that sensitive data is protected and make sure we have the right tools implemented to maintain trust. You will also help our software engineers be successful by sharing your knowledge and working to prevent...


  • San Francisco, CA, United States Aurora Innovation Full time

    Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. Aurora’s Product Security team’s mission is to discover, mitigate, and prevent security risks in the software,...

  • Senior Engineer

    2 weeks ago


    San Francisco, CA, United States Aurora Innovation Full time

    Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all. We’re searching for a Senior Staff Security Engineer - Detection and Response In this role, you will lead the...


  • San Francisco, CA, United States primer.ai Full time

    Primer exists to make the world a safer place. We do this by providing trusted decision-ready AI to the world's most critical organizations. Our software enables leaders, operators, and analysts to better understand the changing world around us in real time and make informed decisions when the stakes are high. Primer has offices in San Francisco,...


  • San Francisco, CA, United States Cyber Crime Full time

    Primer exists to make the world a safer place. We do this by providing trusted decision-ready AI to the world's most critical organizations. Our software enables leaders, operators, and analysts to better understand the changing world around us in real time and make informed decisions when the stakes are high. Primer has offices in San Francisco, Pasadena,...


  • San Francisco, CA, United States Zetachain Full time

    Application Security or DevSecOps Engineer with broad set of experiences to have an early and formative impact in many areas of the ZetaChain security program. The ideal candidate will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC) and will have ownership over several critical areas. ...


  • San Francisco, CA, United States Pave Full time

    Full Time] Senior Security Engineer at Pave (United States) | BEAMSTART Jobs Senior Security Engineer Full Time Stock Options Today, teams cobble together hundreds of messy spreadsheets and outdated surveys to determine how to compensate their employees. At best, they’re leveraging stale data from an industry that is quickly evolving past it. Add...


  • San Francisco, CA, United States Opal Security Full time

    Opal is building the next generation of access management. We've all felt the pain of not getting the access we need to do our job. At Opal, we’re building a central hub for authorization to make access management automated, intelligent, and easy to use. We are taking an age old problem in enterprise software and making it simple. Our product prioritizes...


  • San Francisco, CA, United States Lakera Full time

    As our first dedicated Senior Security Engineer, you’ll have a significant impact at a rapidly growing startup. We’ve built a small security program including SOC2 certification, but it’s time for someone dedicated to lead that. Your role will vary, from implementing security monitoring tools to promoting IaC best practices to conducting risk...