Unit21
Application Security Engineer-Hybrid(SF) preferred, remote OK
Unit21, San Francisco, California, United States, 94199
Application Security Engineer – Hybrid (SF) Preferred, Remote OK
Join to apply for the Application Security Engineer – Hybrid (SF) Preferred, Remote OK role at
Unit21 .
Base pay range $150,000.00/yr - $175,000.00/yr
About Unit21 Unit21 protects businesses against adversaries engaging in money laundering, fraud, and other sophisticated risks by offering a no-code toolset to model, detect, and remediate suspicious activity. We are backed by investments from Google, Tiger Global, ICONIQ, Diane Greene (Google / Google Cloud), Jack Dorsey (Block / Twitter), William Hockey (Plaid), among others.
About the role As a Senior Application Security Engineer, you will be a hands‑on builder responsible for protecting our platform, our customers, and their data. This is not a governance role; you will spend your time in the code, designing and implementing the systems that secure our products from the ground up. You will own critical security infrastructure, build automations to eliminate entire classes of vulnerabilities, and serve as a deep technical expert for our engineering organization. This role is for an engineer who is passionate about security and wants to solve complex security problems at scale through high‑quality, maintainable code.
What you'll be doing
Design, code, and deploy automated security controls, services, and frameworks to prevent vulnerabilities at scale.
Build, own, and operate the tools and infrastructure for our application security program, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning solutions.
Perform hands‑on threat modeling, security architecture reviews, and in‑depth code reviews (Python/TypeScript) for new products and critical features to ensure they are secure by design.
Conduct penetration tests and vulnerability assessments against our applications and APIs to proactively identify and remediate security weaknesses.
Develop custom tools and automation to streamline security operations and enhance our detection and response capabilities.
Act as a key member of our incident response team during security events.
Mentor and educate product engineers on secure coding best practices, acting as a subject‑matter expert and fostering a culture of security ownership.
What we're looking for Experience
4+ years of hands‑on experience in a software engineering or application security role, with a proven track record of shipping code and building security solutions.
Demonstrated history of successful cross‑organizational efforts and the ability to drive complex technical projects to completion.
Programming & Scripting
Expert‑level proficiency in Python, including experience building security tools, automation scripts, or backend services.
Professional experience with Go or TypeScript is a significant plus.
Security Expertise
Deep, hands‑on knowledge of common application vulnerabilities, such as the OWASP Top 10, and their mitigation techniques.
Proven experience integrating, fine‑tuning, and operating security tools (SAST, DAST, SCA) within developer workflows.
Experience conducting manual penetration tests and vulnerability assessments on web applications and APIs.
Previous experience implementing protections for Generative AI systems is a significant plus.
Hands‑on experience securing public cloud environments (AWS or GCP).
Basic proficiency with Infrastructure as Code (e.g., Terraform) and containerization technologies (Docker, ECS, or Kubernetes), including best practices for securing them.
We have a dedicated infrastructure security engineer on staff, so we’re not expecting as much depth here for this role – however, you should be familiar with the basics.
Compensation The standard base pay range for this role is $155,000.00 - $175,000.00 annually. This base pay range does not include variable compensation, including potential commissions, bonuses or other financial or equity incentives.
Unit21 is an equal‑opportunity employer. We encourage all to apply, even if you do not meet each requirement above. We are building a diverse, inclusive workforce and hope you will join us.
What we can offer you
Competitive salary and pre‑IPO stock options.
100% company‑paid medical, dental, and vision insurance (for employee).
Optional HSA and FSA medical reimbursement accounts.
Unlimited paid time off.
Generous leave programs for life events.
401(k).
Charity matching.
One‑time Home office set‑up stipend.
Wellness Bundle: One Medical, Headspace, Gympass and Carrot Fertility.
Happy hours and team‑building events.
Great office space in the San Francisco Financial District.
Fully stocked kitchen.
Lunch and dinner provided in SF office at least 3× per week.
Great company culture with a strong emphasis on diversity, equity and inclusion.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Engineering and Information Technology
Industries Software Development and Financial Services
#J-18808-Ljbffr
Unit21 .
Base pay range $150,000.00/yr - $175,000.00/yr
About Unit21 Unit21 protects businesses against adversaries engaging in money laundering, fraud, and other sophisticated risks by offering a no-code toolset to model, detect, and remediate suspicious activity. We are backed by investments from Google, Tiger Global, ICONIQ, Diane Greene (Google / Google Cloud), Jack Dorsey (Block / Twitter), William Hockey (Plaid), among others.
About the role As a Senior Application Security Engineer, you will be a hands‑on builder responsible for protecting our platform, our customers, and their data. This is not a governance role; you will spend your time in the code, designing and implementing the systems that secure our products from the ground up. You will own critical security infrastructure, build automations to eliminate entire classes of vulnerabilities, and serve as a deep technical expert for our engineering organization. This role is for an engineer who is passionate about security and wants to solve complex security problems at scale through high‑quality, maintainable code.
What you'll be doing
Design, code, and deploy automated security controls, services, and frameworks to prevent vulnerabilities at scale.
Build, own, and operate the tools and infrastructure for our application security program, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and secret scanning solutions.
Perform hands‑on threat modeling, security architecture reviews, and in‑depth code reviews (Python/TypeScript) for new products and critical features to ensure they are secure by design.
Conduct penetration tests and vulnerability assessments against our applications and APIs to proactively identify and remediate security weaknesses.
Develop custom tools and automation to streamline security operations and enhance our detection and response capabilities.
Act as a key member of our incident response team during security events.
Mentor and educate product engineers on secure coding best practices, acting as a subject‑matter expert and fostering a culture of security ownership.
What we're looking for Experience
4+ years of hands‑on experience in a software engineering or application security role, with a proven track record of shipping code and building security solutions.
Demonstrated history of successful cross‑organizational efforts and the ability to drive complex technical projects to completion.
Programming & Scripting
Expert‑level proficiency in Python, including experience building security tools, automation scripts, or backend services.
Professional experience with Go or TypeScript is a significant plus.
Security Expertise
Deep, hands‑on knowledge of common application vulnerabilities, such as the OWASP Top 10, and their mitigation techniques.
Proven experience integrating, fine‑tuning, and operating security tools (SAST, DAST, SCA) within developer workflows.
Experience conducting manual penetration tests and vulnerability assessments on web applications and APIs.
Previous experience implementing protections for Generative AI systems is a significant plus.
Hands‑on experience securing public cloud environments (AWS or GCP).
Basic proficiency with Infrastructure as Code (e.g., Terraform) and containerization technologies (Docker, ECS, or Kubernetes), including best practices for securing them.
We have a dedicated infrastructure security engineer on staff, so we’re not expecting as much depth here for this role – however, you should be familiar with the basics.
Compensation The standard base pay range for this role is $155,000.00 - $175,000.00 annually. This base pay range does not include variable compensation, including potential commissions, bonuses or other financial or equity incentives.
Unit21 is an equal‑opportunity employer. We encourage all to apply, even if you do not meet each requirement above. We are building a diverse, inclusive workforce and hope you will join us.
What we can offer you
Competitive salary and pre‑IPO stock options.
100% company‑paid medical, dental, and vision insurance (for employee).
Optional HSA and FSA medical reimbursement accounts.
Unlimited paid time off.
Generous leave programs for life events.
401(k).
Charity matching.
One‑time Home office set‑up stipend.
Wellness Bundle: One Medical, Headspace, Gympass and Carrot Fertility.
Happy hours and team‑building events.
Great office space in the San Francisco Financial District.
Fully stocked kitchen.
Lunch and dinner provided in SF office at least 3× per week.
Great company culture with a strong emphasis on diversity, equity and inclusion.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Engineering and Information Technology
Industries Software Development and Financial Services
#J-18808-Ljbffr