Security · Full-time

Application Security Engineer

Remote (Nepal)

About the role

Our customers are enterprises deploying agentic systems into workflows that touch real money, sensitive data, and regulated processes. When they ask us what our security posture looks like, the answer has to be airtight. The Application Security Engineer owns that answer — across our runtime, our client-facing surfaces, and the documentation that enterprise procurement teams scrutinize before signing.

This role spans threat modeling on new features, running SAST and DAST pipelines, and sitting in design reviews to catch security issues before they become code. You will also be the primary author of our security documentation — the SOC 2 narratives, the vendor questionnaire responses, and the trust center content that helps prospects understand what we do and do not do with their data.

Agentic systems introduce security problems that traditional AppSec frameworks were not designed for: prompt injection, runaway task escalation, and cross-agent data leakage. You will be expected to develop our thinking on these attack surfaces — not just apply playbooks that already exist.

What you'll do

  • Own the application security program end to end: threat modeling, vulnerability management, SAST/DAST pipeline configuration, and remediation prioritization.
  • Conduct secure design reviews for new runtime features, API surfaces, and customer-facing integrations — early in the process, not after the code ships.
  • Define and maintain security controls for agentic-specific threat vectors: prompt injection, tool misuse, data exfiltration through model outputs, and unauthorized task escalation.
  • Write and maintain enterprise security documentation — SOC 2 control narratives, penetration test summaries, vendor questionnaire responses, and trust center content.
  • Partner with the platform team to build security monitoring into the observability layer so that anomalous agent behavior surfaces as an alert, not a postmortem finding.
  • Run tabletop exercises and security reviews with the engineering team to build security intuition across the org, not just within the security function.

What we're looking for

  • 5+ years of application security experience with a track record of shipping security improvements that measurably reduced risk, not just expanded the finding count.
  • Hands-on experience with SAST tools (Semgrep, CodeQL), DAST tools (Burp Suite, OWASP ZAP), and integrating them into CI/CD pipelines in a way teams actually use.
  • Strong written communication: you can produce security documentation that both technical engineers and enterprise procurement teams can read and trust.
  • Experience with cloud-native security patterns on AWS, GCP, or Azure — IAM design, network segmentation, secrets management, and logging.
  • Familiarity with compliance frameworks relevant to enterprise software: SOC 2 Type II, ISO 27001, HIPAA, and GDPR at minimum.

Nice to have

  • Prior experience securing AI or ML systems — specifically LLM-based applications where the attack surface includes model inputs and outputs, not just the application layer.
  • Bug bounty track record or published CVEs that demonstrate independent vulnerability research capability.
  • Experience conducting or scoping penetration tests and translating findings into engineering-level remediation guidance.

Interview process

  1. Intro call (30 min)

    We talk about your background in AppSec, what types of systems you have secured, and what you find most interesting about security in agentic software.

  2. Technical interview (60 min)

    We walk through a real threat model for one of our runtime components. We want to understand how you reason about attack surfaces, not whether you know a specific tool.

  3. Documentation review (45 min)

    You review a draft security document and give us feedback. We care about your attention to detail and your ability to communicate security clearly to non-security audiences.

  4. Offer and references

    We move fast. If it is a fit, you will hear from us within a week of your final interview.

Apply for this role

Fill out the form below. We read every application and respond within five business days.

PDF only · max 10 MB

Your information is used solely for evaluating your application and is stored securely.