Application Security Engineer

This is a remote position.

About The Role

As a Senior Application Security Engineer, you will be a hands-on builder responsible for protecting our platform, our customers, and their data. This is not a governance role; you will spend your time in the code, designing and implementing the systems that secure our products from the ground up. You will own critical security infrastructure, build automations to eliminate entire classes of vulnerabilities, and serve as a deep technical expert for our engineering organization. This role is for an engineer who is passionate about security and wants to solve complex security problems at scale through high-quality, maintainable code.

What You'Ll Be Doing:

• Design, code, and deploy automated security controls, services, and frameworks to prevent vulnerabilities at scale.
• Build, own, and operate the tools and infrastructure for our application security program, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning solutions.
• Perform hands-on threat modeling, security architecture reviews, and in-depth code reviews (Python/TypeScript) for new products and critical features to ensure they are secure by design.
• Conduct penetration tests and vulnerability assessments against our applications and APIs to proactively identify and remediate security weaknesses.
• Develop custom tools and automation to streamline security operations and enhance our detection and response capabilities.
• Act as a key member of our incident response team during security events.
• Mentor and educate product engineers on secure coding best practices, acting as a subject matter expert and fostering a culture of security ownership.

What We'Re Looking For:

Experience:

• 4+ years of hands-on experience in a software engineering or application security role, with a proven track record of shipping code and building security solutions.
• Demonstrated history of successful cross-organizational efforts and the ability to drive complex technical projects to completion.

Programming & Scripting:

• Expert-level proficiency in Python, including experience building security tools, automation scripts, or backend services.
• Professional experience with Go or TypeScript is a significant plus.

Security Expertise:

• Deep, hands-on knowledge of common application vulnerabilities, such as the OWASP Top 10, and their mitigation techniques.
• Proven experience integrating, fine-tuning, and operating security tools (e.g., SAST, DAST, SCA) within developer workflows.
• Experience conducting manual penetration tests and vulnerability assessments on web applications and APIs.
• Previous experience implementing protections for Generative AI systems is a significant plus.

Cloud & Infrastructure:

• Hands-on experience securing public cloud environments (AWS or GCP). 
• Basic proficiency with Infrastructure as Code (e.g., Terraform) and containerization technologies (e.g., Docker, ECS, or Kubernetes), including best practices for securing them.
• We have a dedicated infrastructure security engineer on staff, so we’re not expecting as much depth there for this role – however, you should be familiar with the basics.

Compensation:

The standard base pay range for this role is $155,00.00 - $175,000.00 Annually. This base pay range does not include variable compensation including potential commissions, bonuses or other financial or equity incentives. 

#Bi-Remote

Unit21 Is An Equal Opportunity Employer, We Encourage All To Apply, Even If You Do Not Meet Each Requirement Above. We Are Building A Diverse, Inclusive Workforce And Hope You Will Join Us!

What We Can Offer You:

• 401(K)

• Charity Matching

• Commuter Benefits

• Happy hours and team-building events
• Great office space in the San Francisco Financial District

• Fully Stocked Kitchen

• Lunch and dinner provided in SF office at least 3x per week
• A great company culture with a strong emphasis on diversity, equity and inclusion
• Competitive salary and pre-IPO stock options
• 100% company-paid medical, dental and vision insurance (for employee)
• Optional HSA and FSA medical reimbursement accounts
• Unlimited paid time off
• Generous leave programs for life events
• Annual Learning & Development stipend
• One-time Home office set-up stipend
• Wellness Bundle: One Medical, Headspace, Gympass and Carrot Fertility

About Unit21

Unit21 stops bad actors by leveraging data to deliver justice and safety in the world. We protect businesses against adversaries engaging in money laundering, fraud, and other sophisticated risks by offering no-code infrastructure to model, detect, and remediate suspicious activity. Our customers range from large Fortune 500 companies to high-potential, pre-launch startups. We have reported over USD $2 billion in fraud and laundered money to the US government using our software.

We are a rapidly growing Series C startup, having raised close to $100m from Google, Tiger Global, ICONIQ Capital, Jack Dorsey, Diane Greene, and other leading VCs. Our team believes deeply in fostering individual ownership, iterative product development, and empathetic communication. There are many challenging problems to solve in this industry, and a huge opportunity for our software to empower companies to define a new standard of eliminating bad behavior on their platforms.

We encourage people of all backgrounds to apply. Unit21 is committed to creating an inclusive culture, and we celebrate diversity of all kinds.