Senior Application Security Engineer

San Jose, CA, US • Posted 1 day ago • Updated 2 hours ago
Full Time
On-site
USD275,000 - USD350,000/yr

Job Details

Skills

  • Senior Application Security Engineer

Summary

job summary:

Position Overview


Our client is seeking an engineering-first Staff Application Security Engineer focused entirely on identifying and reducing production risk across live systems. This role is highly hands-on and centers on analyzing complex, distributed architectures, uncovering exploitable paths, and driving code-level fixes directly in production systems alongside backend teams.





location: San Jose, California

job type: Permanent

salary: $275,000 - 350,000 per year

work hours: 9am to 5pm

education: No Degree Required



responsibilities:

What You'll Do

  • Secure Core Architectures: Review and secure production application paths, with a sharp focus on authentication flows, sessions, tokens, identity binding, and API surfaces.
  • Triage & Prioritize: Triage findings from code reviews, penetration tests, bug bounty reports, and automated tooling to isolate and prioritize real, exploitable risks.
  • Direct Code Remediation: Partner with backend engineers to implement fixes directly in the code, rather than only providing advisory recommendations.
  • Holistic Systems Analysis: Analyze systems holistically, reasoning across distributed services, trust boundaries, and complex state transitions.
  • Build Guardrails & Automation: Identify recurring vulnerability patterns and translate them into reusable developer guidance, architectural guardrails, or automated security checks.
  • Maintain Engineering Velocity: Support design and launch reviews seamlessly while maintaining fast development velocity.
  • Leverage Next-Gen Tooling: Use automation and AI-assisted workflows to continuously improve review coverage, speed, and consistency.




qualifications:

Required:

  • Deep AppSec Mastery: Strong application security experience, particularly in authentication, access control, session management, JWTs, redirects, and API security surfaces.
  • Distributed Systems Fluency: Proven ability to reason across distributed architectures, asynchronous services, and complex identity flows.
  • Hands-on Production Code Review: Direct experience performing code reviews and driving active vulnerability remediation inside production environments.
  • Thriving in Ambiguity: Strong problem-solving skills in high-velocity, fast-changing, and ambiguous environments.
  • Automation and Scripting: Hands-on experience writing scripts and automating workflows (e.g., Python, Bash).

Preferred:

  • Experience working within high-velocity tech engineering environments.
  • Strong systems thinking with a knack for tracing and mapping out multi-step exploit chains.
  • Practical experience utilizing AI tools or LLM coding assistants to accelerate security reviews and analysis.
  • A strong, proven personal preference for hands-on code patching over advisory-only or compliance-only security roles.


What Success Looks Like

  • High-impact production risks are identified and resolved efficiently without development lag.
  • Security design reviews comfortably keep pace with rapid engineering deployment schedules.
  • Core product developers receive clear, highly actionable guidance that translates into immediate code-level fixes.
  • Recurring issues across core auth, access control, and API security surfaces steadily decrease over time.
  • Application security scales fluidly with product development speed without becoming a corporate bottleneck.




Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).

This posting is open for thirty (30) days.


Qualified applicants in San Francisco with criminal histories will be considered for employment in accordance with the San Francisco Fair Chance Ordinance.



Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.



We will consider for employment all qualified Applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance.



Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: cxsapwma1
  • Position Id: 1334920