Staff Application Security Engineer

United States 150290.60 - 180348.72 USD / Year · Job Posted February 20, 2026

Job Description

The Application Security Engineer at Sunrun plays a pivotal role in protecting the applications that power our business. This position requires expertise across identity systems and the software development lifecycle. You will be responsible for driving the identification, assessment, and mitigation of security risks from the initial design phase through deployment and beyond. You will collaborate closely with developers and IT teams to integrate robust security practices, implement advanced protective measures for both applications and identities, and foster a comprehensive culture of security across the organization.

Job Responsibility

  • Threat Modeling & Security Design: Assess potential attack vectors and design defense-in-depth strategies that address gaps across infrastructure, 1st and 3rd party applications, and identity management
  • Secure Software Development Life Cycle (SSDLC): Partner with application development teams to integrate security into every stage of the development lifecycle. Champion secure coding standards, conduct security code reviews, and provide expert guidance to minimize vulnerabilities before production
  • Identity & Access Management (IAM): Design, implement, and manage identity security solutions across 1st and 3rd party applications. Showcase hands-on experience in implementing strategies like Zero Trust architecture and modern authentication standards like WebAuthn
  • Implement & Manage Security Controls: Design, implement, and fine-tune application security controls like SAST/DAST vulnerability scanning and standardizing secure coding practices. Establish and improve operational processes to ensure their continued effectiveness
  • Guidance, Training & Compliance: Develop and maintain security policies and standards for both application and identity security. Provide ongoing training to developers to elevate secure coding practices
  • Stakeholder Collaboration: Use strong critical thinking and communication skills to present complex technical concepts to business stakeholders, gain alignment, and independently drive security initiatives forward

Requirements

  • 7+ years of combined experience in application security and identity & access management (IAM), with a proven track record of supporting application development teams
  • Deep knowledge of application security principles, secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and zero-trust architecture
  • Hands-on experience with security testing tools (SAST, DAST), Web Application Firewalls (WAF), and IAM platforms (e.g., Okta, AWS IAM)
  • Proficiency in programming languages such as Java, Python, or JavaScript
  • Strong familiarity with cloud environments (AWS, GCP) and their native security and identity controls
  • Demonstrated expertise in threat modeling and designing defense-in-depth strategies for complex applications
  • Solid understanding of modern identity standards and technologies, including MFA, SSO, and WebAuthn
  • Excellent communication and collaboration skills, with the ability to articulate technical findings and security risks to diverse audiences
  • Strong critical thinking and creative problem-solving skills, with the ability to analyze systems from an attacker's perspective and devise effective countermeasures

Nice to have

  • Experience with Okta and Salesforce security principles and best practices
  • Certifications (preferred): Certified Information Systems Security Professional (CISSP), Certified Application Security Engineer (CASE), or similar credentials

What we offer

  • Medical/Dental/Vision Insurance
  • Life Insurance
  • Disability Insurance
  • 401k Plan + Company Match
  • Stock Purchase Plan
  • Paid Vacations/Holidays
  • Paid Baby Bonding Leave
  • Employee Discounts
  • PowerU - 100% Funded Education Programs
  • Employee Donation Matching
  • Volunteer Hour Rewards

Similar Jobs for Staff Application Security Engineer

8 matching positions

Staff Application Security Engineer

We're building security systems for medical technology that handles sensitive da...
Location: Australia, Sydney
Salary: Not provided
Heidi
Expiration Date: Until further notice
Requirements
  • Senior/staff-level capability expressed as autonomy, depth, and ability to scale impact
  • Operates with high autonomy: can take an ambiguous app risk area and drive it from discovery to architecture to rollout
  • Strong domain understanding of modern application architectures, distributed systems failure modes, and common security pitfalls
  • Designs pragmatic security architectures that fit product constraints and delivery realities
  • Builds leverage through reusable patterns, shared components, and clear standards, not just one-off reviews
  • Communicates trade-offs clearly and aligns product and engineering stakeholders on decisions
Job Responsibility
  • Lead secure architecture work early: threat model features, define security requirements, and propose concrete architecture options
  • Design and standardise secure patterns for authentication, session management, and token handling across services and client applications
  • Design and review authorisation models and access control patterns (policy enforcement, fine-grained controls)
  • Establish secure API architecture patterns: validation and normalisation, rate limiting, abuse resistance, and observability signals
  • Build libraries, templates, and reference implementations so teams can adopt secure patterns with minimal friction
  • Shape security testing and feedback loops (static and dynamic testing, dependency scanning) so they reinforce architecture choices and stay actionable
  • Contribute to the wider security program by turning recurring application risks into standards, shared components, and engineering guidance
What we offer
  • Flexible hybrid working environment, with 3 days in the office
  • A generous personal development budget of $500 per annum
  • Learn from some of the best engineers and creatives, joining a diverse team
  • Become an owner, with shares (equity) in the company: if Heidi wins, we all win
  • The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups
  • If you have an impact quickly, the opportunity to fast track your startup career
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, San Francisco
Salary: 189000.00 - 215000.00 USD / Year
Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand JavaScript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, Austin
Salary: 189000.00 - 215000.00 USD / Year
Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand JavaScript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Ensure security in the development cycle while simultaneously creating a condition where technical teams are not burdened by controls
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
  • Process several simultaneous technical and administrative inputs while consistently working towards clear goals for remediation and containment
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location: United States, Chicago
Salary: 189000.00 - 215000.00 USD / Year
Braze
Expiration Date: Until further notice
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand JavaScript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location: Australia, Melbourne; Sydney
Salary: Not provided
Culture Amp
Expiration Date: Until further notice
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location: Australia, Sydney
Salary: Not provided
Culture Amp
Expiration Date: Until further notice
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
  • Fulltime

Staff Engineer Application Security

At Appen, we are at the forefront of data annotation and AI innovation, powering...
Location: India, Hyderabad
Salary: Not provided
Appen
Expiration Date: Until further notice
Requirements
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field
  • 10+ years of experience in Application Security, including secure software development and architecture
  • Strong knowledge of secure coding practices, OWASP Top 10, and common application vulnerabilities
  • Hands-on experience with security tools such as Snyk, SonarCloud, Burp Suite, Nessus, and others
  • Threat detection and incident response: familiar with security incidents, ability to develop proactive strategies to mitigate risks through close collaboration with teams
  • Familiarity with cloud security principles, preferably in AWS environments
  • Experience with CI/CD pipelines and integrating security into DevOps workflows (DevSecOps)
  • Strong scripting and automation skills (e.g., Python, Bash, or similar)
  • Excellent problem-solving skills and the ability to think like an attacker
  • Relevant certifications such as CISSP, OSCP, CEH, or similar are highly desirable
Job Responsibility
  • Lead the design and implementation of application security architecture across our SaaS platforms
  • Conduct security assessments, threat modelling, and code reviews to identify and mitigate vulnerabilities
  • Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
  • Collaborate with Engineering and Platform teams to integrate security best practices into the CI/CD pipeline
  • Perform penetration testing, security audits, and vulnerability assessments
  • Develop and maintain secure coding standards, guidelines, and training programs for engineering teams
  • Implement and manage security tools such as SAST, DAST, and other security automation solutions
  • Stay up to date with emerging security threats, technologies, and industry best practices
  • Respond to security incidents and work with incident response teams to investigate and remediate issues
  • Mentor and guide junior security engineers, fostering a culture of security awareness and continuous improvement
  • Fulltime

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Location: United States, Las Vegas
Salary: Not provided
Beacon Technologies
Expiration Date: Until further notice
Requirements
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker
  • Exceptional skills in security systems solutions
Job Responsibility
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever applications security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer
  • Career advancement opportunities
  • Extensive training
  • Excellent benefits, including paying for health and dental premiums for salaried employees
  • Fulltime