What you'll do:We're looking for aStaff Security Engineer, Application Security to help scale and mature our security program. You'll own key security domains and initiatives end-to-end, working closely with engineering to ensure systems are secure by design. This role is highly hands-on, with opportunities to drive meaningful impact through automation, secure design, and developer enablement. You'll operate with significant autonomy while partnering with senior engineers and security leadership to scale security across the organization.
In this role you will:- Own key security domains such as vulnerability management, application security, API security, and supply chain security
- Drive improvements in security coverage, prioritization, and remediation workflows
- Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows
- Provide actionable, pragmatic guidance that helps teams ship securely
- Develop and improve security tooling and automation to reduce manual effort
- Implement and tune tools for SAST, SCA, DAST, dependency security, and container security
- Leverage AI/LLMs where appropriate to improve triage, detection, and review processes
- Triage and prioritize vulnerabilities using risk-based approaches
- Partner with teams to ensure timely remediation of critical issues
- Help define and improve SLAs, metrics, and reporting
- Conduct threat modeling, design reviews, and security assessments
- Contribute to incident response and postmortems for security events
- Identify and help remediate systemic risks
What you'll need:- 7+ years of experience in Application Security, Product Security, or Security Engineering
- Strong hands-on experience with threat modeling and secure design
- Experience with vulnerability management and application security tooling
- Experience working in cloud-native environments such as AWS and GCP
- Experience integrating security into CI/CD pipelines and developer workflows
- Ability to write code in Python, Go, or similar languages for automation and tooling
- Strong ability to work cross-functionally with engineering teams
Bonus points for:- Experience scaling security in a high-growth or late-stage startup
- Familiarity with AI-driven security workflows or automation
- Background in API security, data protection, or multi-tenant systems
- Experience with bug bounty programs and penetration testing
- Security certifications such as CISSP
Compensation:The salary range for this role will be $210,000.00 - $260,000.00 USD. In addition, this position will also receive an annual target bonus of 12%. Bonus pay at NinjaTrader is based on individual performance (50%) as well as company/team performance (50%).
Salary and bonus earnings are only two components of the total compensation package offered by NinjaTrader. NinjaTrader offers a 401K plan through ADP under which the company will match up to 3.5% of employee contributions. Annual paid time off allowance accrues at a rate of 23 days per year (some positions may qualify for more) plus seven paid holidays.
Location:This role is based in Chicago, IL. *There may be remote flexibility for exceptional candidates in the following states: California, Colorado, Florida, Georgia, Illinois, Indiana, Minnesota, Missouri, Montana, New Jersey, New York, North Carolina, Ohio, Oregon, Pennsylvania, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Washington DC, Wisconsin.
Hybrid:For Chicago-based employees, we follow a hybrid work schedule: In-office Tuesday through Thursday, with remote work on Mondays and Fridays. In addition to these weekly remote days, we offer:
- 20 additional flex remote days annually
- 5 Company Wide Office-Optional weeks tied to major holidays
Our Core Benefits Include:- Generous PTO
- 7 Paid Holidays Annually + 5 Conditional Holidays Annually
- 1 Service Day Annually
- 401k with 3.5% Company Match
- Paid Parental Bonding Leave
- Health, Vision, Dental Coverage
- Life and Disability Insurance Covered 100% by NinjaTrader