Staff Application Security Engineer

Thumbtack

San Francisco, CA • On-site

$69.25 - $92.50/hr

Full-time

Posted 25 days ago


Job description

Job Summary:
Thumbtack is a company dedicated to helping people care for their homes through an innovative app that connects homeowners with local service businesses. They are seeking a Staff Application Security Engineer to lead the technical direction for application security, design secure architectures, and mentor engineering teams to ensure security is embedded in development workflows.
Responsibilities:
• Own the long-term technical direction for application security across Thumbtack. Build prioritized roadmaps and drive remediation of systemic security risks across the application stack.
• Lead large, cross-functional security initiatives from problem definition through delivery.
• Design secure-by-default architectures, standards, and paved paths for engineering teams. Design and implement shared security tooling, libraries, patterns, and services that enable engineering to ship quickly and safely. Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
• Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
• Lead application security design reviews, architectural discussions, and threat modeling for critical systems. Contribute code, reviews, and designs to address complex or novel security risks.
• Mentor engineers and raise the overall security bar through guidance and example.
• Support security incident response and drive learning through post-incident analysis.
Qualifications:
Required:
• 8+ years of experience in software engineering and application security, including a strong understanding of secure coding practices and application security frameworks.
• Deep expertise in secure system design and architecture as well as modern application security tools, patterns, and practices (e.g. threat modeling, secure design patterns, authentication and authorization, secrets management, vulnerability discovery and remediation workflows).
• Proven track record leading large, cross-functional technical initiatives with sustained impact.
• Strong experience securing modern, cloud-native systems (AWS and/or GCP).
• Strong product intuition and analytical, risk-informed thinking, identifying where security investments will have the highest leverage and measurable impact. Ability to balance pragmatism and rigor, making thoughtful tradeoffs between risk, velocity, and maintainability.
• Strong sense of ownership and accountability, balancing hands-on technical execution with the ability to mentor others, raise standards, and drive organization-wide improvements in application security.
• Excellent written and verbal communication skills, with the ability to influence without authority and the ability to explain complex security issues to both technical and non-technical audiences.
Company:
Thumbtack is a home services website connecting users with local service providers. Founded in 2008, the company is headquartered in San Francisco, USA, with a team of 1001-5000 employees. The company is currently Late Stage.



Frequently asked questions

Q: What skills or qualities help someone succeed as an Application Security Engineer?

A: To succeed as an Application Security Engineer, key technical skills include proficiency in programming languages such as Java, Python, and C++, as well as expertise in security frameworks and tools like OWASP, Burp Suite, and Nmap. Additionally, soft skills like strong analytical and problem-solving abilities, effective communication, and collaboration with cross-functional teams are crucial for identifying vulnerabilities, developing secure code, and implementing security measures. These technical and soft skills enable Application Security Engineers to effectively protect applications from cyber threats, drive security best practices, and contribute to the overall success of their organization.

Q: What is the career path for an Application Security Engineer?

A: A typical career progression for an Application Security Engineer involves starting as a Junior Security Engineer or Penetration Tester, where they develop foundational skills in vulnerability assessment and penetration testing. As they gain experience, they can move into mid-level roles such as Security Consultant or Application Security Architect, where they design and implement secure software development lifecycle (SDLC) processes and lead security teams. Senior roles, such as Chief Information Security Officer (CISO) or Head of Application Security, often involve strategic decision-making and overseeing the overall security posture of an organization.

Key opportunities for skill development and professional growth in this role include staying up-to-date with emerging threats and technologies, learning programming languages and development frameworks, and developing leadership and communication skills. Additionally, certifications such as the Certified Information Systems Security Professional (CISSP) or the Certified Secure Software Lifecycle Professional (CSSLP) can be beneficial for career advancement.

Long-term career prospects for Application Security Engineers may include transitioning into leadership roles, such as CISO or Director of Security, or pursuing specialized roles like Cloud Security Engineer or DevSecOps Engineer, where they can leverage their technical expertise to drive innovation and security in emerging technologies.
