About Thumbtack
Sourced by ZipRecruiter
Industry
Software development
Company size
501 - 1,000 Employees
Headquarters location
San Francisco, CA, US
Year founded
2008
Job description
Thumbtack helps millions of people confidently care for their homes.
Thumbtack is the one app you need to take care of and improve your home - from personalized guidance to AI tools and a best-in-class hiring experience. Every day in every county of the U.S., people turn to Thumbtack to complete urgent repairs, seasonal maintenance and bigger improvements. We help homeowners know which projects to do, when to do them and who to hire from our growing community of 300,000 local service businesses. If making an impact inspires you, join us. Imagine what we'll build together.
About the Cybersecurity team
The Security Engineering team at Thumbtack is focused on enabling innovation at scale by making the secure path the easiest path. We believe strong security is not a blocker to velocity, but a force multiplier when it is designed into systems, platforms, and developer workflows from the start.
We partner closely with Product, Engineering, Platform, and Data teams to shape system design, guide architectural decisions, and evolve Thumbtack's security posture as the company scales. Through collaboration, automation, and thoughtful tradeoffs, we help ensure Thumbtack can ship fast, innovate boldly, and maintain customer trust.
Challenge
As Thumbtack scales and increasingly incorporates AI-powered features into our products and internal systems, security must evolve without slowing innovation. The number of services, deployment patterns, and data flows continues to grow, and traditional approaches that rely heavily on manual reviews or after-the-fact controls do not scale to meet this need.
Instead, the challenge is to design security into the system itself. This means building secure defaults, paved paths, and reusable building blocks that product and engineering teams can adopt with minimal friction. By embedding security directly into architectures, tooling, and infrastructure, we reduce cognitive load on engineers and enable teams to move quickly and confidently while meaningfully lowering risk.
What you'll do
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact: recruitingops@thumbtack.com.
If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack's Privacy policy available at https://www.thumbtack.com/privacy/.
We put as much craftsmanship into candidate safety as we do into the hiring experience itself. While scammers may try to impersonate our team, we'll never ask you for money, banking info, or SSNs during hiring. Check out our blueprint on how to spot the fakes.
Thumbtack is the one app you need to take care of and improve your home - from personalized guidance to AI tools and a best-in-class hiring experience. Every day in every county of the U.S., people turn to Thumbtack to complete urgent repairs, seasonal maintenance and bigger improvements. We help homeowners know which projects to do, when to do them and who to hire from our growing community of 300,000 local service businesses. If making an impact inspires you, join us. Imagine what we'll build together.
About the Cybersecurity team
The Security Engineering team at Thumbtack is focused on enabling innovation at scale by making the secure path the easiest path. We believe strong security is not a blocker to velocity, but a force multiplier when it is designed into systems, platforms, and developer workflows from the start.
We partner closely with Product, Engineering, Platform, and Data teams to shape system design, guide architectural decisions, and evolve Thumbtack's security posture as the company scales. Through collaboration, automation, and thoughtful tradeoffs, we help ensure Thumbtack can ship fast, innovate boldly, and maintain customer trust.
Challenge
As Thumbtack scales and increasingly incorporates AI-powered features into our products and internal systems, security must evolve without slowing innovation. The number of services, deployment patterns, and data flows continues to grow, and traditional approaches that rely heavily on manual reviews or after-the-fact controls do not scale to meet this need.
Instead, the challenge is to design security into the system itself. This means building secure defaults, paved paths, and reusable building blocks that product and engineering teams can adopt with minimal friction. By embedding security directly into architectures, tooling, and infrastructure, we reduce cognitive load on engineers and enable teams to move quickly and confidently while meaningfully lowering risk.
What you'll do
- Own the long-term technical direction for application security across Thumbtack. Build prioritized roadmaps and drive remediation of systemic security risks across the application stack.
- Lead large, cross-functional security initiatives from problem definition through delivery.
- Design secure-by-default architectures, standards, and paved paths for engineering teams. Design and implement shared security tooling, libraries, patterns, and services that enable engineering to ship quickly and safely. Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
- Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
- Lead application security design reviews, architectural discussions, and threat modeling for critical systems. Contribute code, reviews, and designs to address complex or novel security risks.
- Mentor engineers and raise the overall security bar through guidance and example.
- Support security incident response and drive learning through post-incident analysis.
- 8+ years of experience in software engineering and application security, including a strong understanding of secure coding practices and application security frameworks.
- Deep expertise in secure system design and architecture as well as modern application security tools, patterns, and practices (e.g. threat modeling, secure design patterns, authentication and authorization, secrets management, vulnerability discovery and remediation workflows).
- Proven track record leading large, cross-functional technical initiatives with sustained impact.
- Strong experience securing modern, cloud-native systems (AWS and/or GCP).
- Strong product intuition and analytical, risk-informed thinking, identifying where security investments will have the highest leverage and measurable impact. Ability to balance pragmatism and rigor, making thoughtful tradeoffs between risk, velocity, and maintainability.
- Strong sense of ownership and accountability, balancing hands-on technical execution with the ability to mentor others, raise standards, and drive organization-wide improvements in application security.
- Excellent written and verbal communication skills, with the ability to influence without authority and the ability to explain complex security issues to both technical and non-technical audiences.
- For candidates living in San Francisco / Bay Area, San Jose, New York City, or Seattle metros, the expected salary range for the role is currently $249,900.00 - $323,400.00.
- For candidates living in Austin, TX or Washington DC metros or in California, Massachusetts, New Jersey, or Washington states, the expected salary range for the role is currently $225,300.00 - $291,500.00.
- For candidates living in all other US locations, the expected salary range for this role is currently $212,500.00 - $275,000.00.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact: recruitingops@thumbtack.com.
If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack's Privacy policy available at https://www.thumbtack.com/privacy/.
We put as much craftsmanship into candidate safety as we do into the hiring experience itself. While scammers may try to impersonate our team, we'll never ask you for money, banking info, or SSNs during hiring. Check out our blueprint on how to spot the fakes.
thumbtack.com
Most Popular Jobs Similar to Application Security Engineer
application security specialist
application security consultant
security engineer
it security engineer
application security architect
security system engineer
security software engineer
security developer
java security engineer
senior security engineer
Other Helpful Pages Related To Staff Application Security Engineer
Physical Security Consultant Salaries
Physical Security Consultant Career Research
Frequently asked questions
Q: What skills or qualities help someone succeed as a Application Security Engineer?
A: To succeed as an Application Security Engineer, key technical skills include proficiency in programming languages such as Java, Python, and C++, as well as expertise in security frameworks and tools like OWASP, Burp Suite, and Nmap. Additionally, soft skills like strong analytical and problem-solving abilities, effective communication, and collaboration with cross-functional teams are crucial for identifying vulnerabilities, developing secure code, and implementing security measures. These technical and soft skills enable Application Security Engineers to effectively protect applications from cyber threats, drive security best practices, and contribute to the overall success of their organization.
Q: What is the career path for a Application Security Engineer?
A: A typical career progression for an Application Security Engineer involves starting as a Junior Security Engineer or Penetration Tester, where they develop foundational skills in vulnerability assessment and penetration testing. As they gain experience, they can move into mid-level roles such as Security Consultant or Application Security Architect, where they design and implement secure software development lifecycle (SDLC) processes and lead security teams. Senior roles, such as Chief Information Security Officer (CISO) or Head of Application Security, often involve strategic decision-making and overseeing the overall security posture of an organization.\n\nKey opportunities for skill development and professional growth in this role include staying up-to-date with emerging threats and technologies, learning programming languages and development frameworks, and developing leadership and communication skills. Additionally, certifications such as the Certified Information Systems Security Professional (CISSP) or the Certified Secure Software Lifecycle Professional (CSSLP) can be beneficial for career advancement.\n\nLong-term career prospects for Application Security Engineers may include transitioning into leadership roles, such as CISO or Director of Security, or pursuing specialized roles like Cloud Security Engineer or DevSecOps Engineer, where they can leverage their technical expertise to drive innovation and security in emerging technologies.