Senior Application Security Engineer

Tatari

$165K — $190K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Production Python experience; Java or Rust is a plus.
  • Hands-on application security experience in a SaaS environment.
  • Familiarity with established application security standards and vulnerabilities.
  • Experience in threat modeling with cross-functional teams.
  • Ability to build security tooling and automation.
  • Understanding of AWS and Kubernetes security controls.
  • Knowledge of LLMs and their associated risks in a security context.

Responsibilities

  • Design and implement application security initiatives for the SaaS platform.
  • Develop security automation within CI/CD pipelines to manage risks.
  • Oversee container security during both build and runtime stages.
  • Create tools and libraries to facilitate secure coding for engineering teams.
  • Conduct application security reviews and model threats for new features.
  • Identify and address vulnerabilities in APIs, services, and data flows.
  • Collaborate with engineers to set secure coding practices and provide support.

Benefits

  • Equity compensation included.
  • Health insurance for you and dependents.
  • 401K plan, FSA, and commuter benefits available.
  • Monthly spending account for work-related expenses.
  • Annual education benefit for continued learning opportunities.
  • New employee productivity perk worth $500.
  • Unlimited PTO and sick days.
  • Dedicated monthly wellness day off.
  • Snacks, drinks, and office lunches provided.
  • Team-building events to foster cooperation and camaraderie.
  • Hybrid work model requiring 2 office days per week.
Full Job Description
We\'re a late-stage AdTech company with a recently attained SOC2 Type II attestation, and a clear mandate to mature our security and privacy posture.

We\'re looking for the right engineer to make it happen.

The Role:

As our first dedicated Application Security Engineer, you will define the security architecture for everything we ship. You will work directly with our Engineering teams to identify vulnerabilities, design mitigations, and build the tooling and automation that makes secure development the path of least resistance. You will report to the Head of Security as a key technical contributor to Tatari\'s Security program.

You write production-quality code. You think like an attacker. And you know how to bring engineers along with you.

Responsibilities:
  • Design and execute greenfield AppSec initiatives across Tatari\'s SaaS platform from threat modeling to remediation
  • Build and maintain security automation integrated into CI/CD pipelines and manage software supply chain risk
  • Own container security across build and runtime
  • Develop internal tooling and libraries that make secure coding easier for application engineers
  • Own SAST/DAST/SCA tooling: selection, tuning, CI/CD integration, and triage
  • Conduct application security reviews and threat models for new features and architectural changes
  • Identify and remediate vulnerabilities across APIs, services, and data pipelines
  • Partner with Engineering teams to establish secure coding standards and provide hands-on guidance
  • Assess and mitigate LLM-introduced risks in product features
  • Integrate agentic tooling into AppSec workflows to reduce toil
  • Contribute to security incident response when application-layer issues are involved

Qualifications:
  • Production Python experience with the engineering depth to review code meaningfully and build security tooling; Java or Rust is a bonus
  • Significant hands-on application security experience, ideally at a SaaS company, including working knowledge of established standards (OWASP Top 10, API Security Top 10, ASVS, SPVS, AISVS) and how common vulnerability classes manifest in production systems
  • Threat modeling experience with Product and Engineering teams
  • Experience building security tooling or automation (scripts, pipelines, libraries)
  • Familiarity with AWS and Kubernetes security controls as they relate to application-layer risks
  • Working knowledge of how LLMs introduce new attack surfaces and how to mitigate them, with practical experience using AI tools in security or engineering workflows
  • Demonstrated experience reviewing API designs and implementations for auth anti-patterns, token mismanagement, injection risks, and sensitive data exposure
  • Track record embedding with Engineering teams: code review, design consultation, and standards definition
  • Experience building or maturing an AppSec program where coverage, tooling, or process needed to be defined from scratch

Benefits:
  • Total compensation ($165,000-$190,000)
  • Equity compensation
  • Health insurance coverage for you and your dependents
  • 401K, FSA, and commuter benefits
  • $150 monthly spending account
  • $1,000 annual continued education benefit
  • $500 Newbie Productivity Perk
  • Unlimited PTO and sick days
  • Monthly Company Wellness Day Off
  • Snacks, drinks, and catered lunches at the office
  • Team building events
  • Hybrid RTO of 2 days per week in office.

#LI-HYBRID

Similar Jobs

More Jobs at Tatari

More Information Technology Jobs

Find similar Senior Application Security Engineer jobs: