Senior Application Security Engineer [Remote-US]
Quanata
Job Description
The role
As a Senior Application Security Engineer, you will serve as the primary partner for web and backend engineering teams, helping embed security best practices throughout the software development lifecycle. You will support secure design, conduct threat modeling, review backend and frontend code, and lead integration of security tools into developer workflows. Your role bridges frontend and API security, and you will be responsible for helping developers resolve complex security challenges across product surfaces.
Day-to-Day Responsibilities
- Partner with one product portfolio to facilitate overall product security management, with an emphasis on AI/ML‑specific security concerns and cross‑functional work with data science teams
- Perform security design reviews and threat modeling on APIs, web features, and service integrations, including integrating SAST, SCA, and DAST tools into CI/CD pipelines
- Support secure development practices across security champions and engineering
- Review source code and deployment configurations for security vulnerabilities
- Collaborate with developers to triage, fix, and validate vulnerability findings
- Participate in cross‑functional incident response and remediation planning
- Draft and maintain AppSec guidance for engineering teams and security champions
- Contribute to security awareness and enablement across the engineering org
- Develop AppSec-related integrations and deployments of automation solutions (ASVS scanning, Burp Suite Enterprise)
- Support application security integration reviews, SaaS security assessments, OSS reviews
About you
- Bachelor’s degree or equivalent relevant experience
- 6‑8 years of experience in application security or full‑stack development with security expertise
- Strong understanding of secure coding in JavaScript/TypeScript, Node.js, and web standards
- Familiar with application risk and vulnerabilities (OWASP Top 10, API Security, SSRF, etc.)
- Experience with code scanning tools (e.g., CodeQL, Semgrep, SonarQube, Snyk)
- Comfortable reading and debugging complex codebases across the stack
- Clear and thoughtful communicator with the ability to guide engineers at all levels
- Working knowledge of offensive security testing, such as pentesting or bug bounties
Bonus Points
- Experience with GraphQL security
- Participation in security champions programs or secure SDLC rollouts
- Contributions to open‑source security tooling
- Familiarity with infrastructure‑as‑code and container security
Salary
$220,000 to $350,000*
*The final salary offered will be determined based on the selected candidate's skills and experience, as well as the internal salary structure at Quanata. Our aim is to offer a competitive and equitable compensation package that reflects the candidate's expertise and contributions to our organization.
Additional Details
- Benefits: We provide a wide variety of health, wellness and other benefits. These include medical, dental, vision, life insurance and supplemental income plans for you and your dependents, a Headspace app subscription, monthly wellness allowance and a 401(k) plan with a company match.
- Work from Home Equipment: A one‑time payment of $2K will be provided to cover the purchase of in‑home office equipment and furniture at your discretion. Our teams work with MacBook Pros, which we will deliver to you fully provisioned prior to your first day.
- Paid Time Off: All employees accrue four weeks of PTO in their first year of employment. New parents receive twelve weeks of fully paid parental leave which may be taken within one year after the birth and/or adoption of a child. The twelve weeks is applicable to both birthing and non‑birthing parents.
- Personal and Professional Development: All employees receive up to $5,000 each year for professional learning, continuing education and career development. All team members also receive LinkedIn Learning subscriptions and access to various coaching opportunities through BetterUp.
- Location: We are a remote‑first company for most positions so you may work from anywhere you like in the U.S., excluding U.S. territories. Work may be required to be done at one of our local offices as desired.
- Hours: We maintain core meeting hours from 9 AM – 2 PM Pacific Time for collaborating with team members across all time zones.
Quanata, LLC is an equal opportunity workplace. We are committed to equal employment opportunities regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.
If you require a reasonable accommodation, please reach out for assistance.