Description
Principal Application Security Expert (Offensive Security & Research)
Role Overview
We are looking for a Principal Application Security Expert with a strong offensive security and research mindset to lead the discovery, analysis, and remediation of critical and systemic application security vulnerabilities across our products and platforms.
This role goes beyond finding individual bugs — it focuses on identifying root causes, architectural weaknesses, and recurring security anti-patterns, and driving secure-by-default solutions that prevent entire classes of vulnerabilities in the future.
You will work as a trusted partner to engineering teams, influencing design decisions, improving security posture at scale, and raising the overall security maturity of our applications.
Key Responsibilities
Lead offensive security assessments (manual testing, code review, architectural analysis, threat modeling) across complex application ecosystems.
Discover critical, high-impact, and systemic vulnerabilities rather than isolated or one-off issues.
Conduct security research to identify emerging attack vectors, abuse cases, and bypass techniques relevant to our applications and platforms.
-
Partner closely with software engineers, tech leads, and architects to:
Clearly explain risk, impact, and exploitability
Design and implement effective remediations
Ensure fixes are scalable, maintainable, and aligned with engineering realities
-
Drive Secure by Default initiatives by:
Defining security guardrails, patterns, and baseline controls
Eliminating insecure defaults and unsafe configurations
Preventing future vulnerabilities through platform-level and framework-level changes
Influence application and platform design early in the development lifecycle to prevent vulnerabilities before they are introduced.
Help shape security standards, best practices, and architectural guidance for application development.
Mentor engineers and security team members, raising overall security awareness and offensive security skills.
Collaborate with detection, monitoring, and incident response teams to improve visibility into real-world exploitation.
Required Qualifications
Deep expertise in Application Security with a strong offensive / attacker mindset.
Proven experience finding critical and systemic vulnerabilities in large-scale or complex applications.
-
Strong understanding of:
Web application security (OWASP Top 10 and beyond)
Authentication & authorization flaws
API security
Injection attacks, logic flaws, access control bypasses
Secure design and threat modeling
Hands-on experience with manual security testing (not relying solely on automated tools).
Ability to translate complex security findings into clear, actionable guidance for engineers.
Strong communication skills and experience working collaboratively with engineering teams.
Preferred Qualifications
Experience driving platform-level or framework-level security improvements.
Background in security research, vulnerability discovery, or red teaming.
Experience influencing or leading Secure by Default / security-by-design initiatives.
Familiarity with cloud-native architectures, microservices, and large distributed systems.
Ability to balance security rigor with product velocity and developer experience