What you'll do - Own the long-term technical direction for application security across Thumbtack. Build prioritized roadmaps and drive remediation of systemic security risks across the application stack.
- Lead large, cross-functional security initiatives from problem definition through delivery.
- Design secure-by-default architectures, standards, and paved paths for engineering teams. Design and implement shared security tooling, libraries, patterns, and services that enable engineering to ship quickly and safely. Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows.
- Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals.
- Lead application security design reviews, architectural discussions, and threat modeling for critical systems. Contribute code, reviews, and designs to address complex or novel security risks.
- Mentor engineers and raise the overall security bar through guidance and example.
- Support security incident response and drive learning through post-incident analysis.
In order to be successful, you must bring- 8+ years of experience in software engineering and application security, including a strong understanding of secure coding practices and application security frameworks.
- Deep expertise in secure system design and architecture as well as modern application security tools, patterns, and practices (e.g. threat modeling, secure design patterns, authentication and authorization, secrets management, vulnerability discovery and remediation workflows).
- Proven track record leading large, cross-functional technical initiatives with sustained impact.
- Strong experience securing modern, cloud-native systems (AWS and/or GCP).
- Strong product intuition and analytical, risk-informed thinking, identifying where security investments will have the highest leverage and measurable impact. Ability to balance pragmatism and rigor, making thoughtful tradeoffs between risk, velocity, and maintainability.
- Strong sense of ownership and accountability, balancing hands-on technical execution with the ability to mentor others, raise standards, and drive organization-wide improvements in application security.
- Excellent written and verbal communication skills, with the ability to influence without authority and the ability to explain complex security issues to both technical and non-technical audiences.
Expected salary ranges- For candidates living in San Francisco / Bay Area, San Jose, New York City, or Seattle metros, the expected salary range for the role is currently $249,900.00 - $323,400.00.
- For candidates living in Austin, TX or Washington DC metros or in California, Massachusetts, New Jersey, or Washington states, the expected salary range for the role is currently $225,300.00 - $291,500.00.
- For candidates living in all other US locations, the expected salary range for this role is currently $212,500.00 - $275,000.00.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
