Staff Application Security Engineer
$185k - $260kBitwise Asset Management
It’s rare that a new asset class is born. Nevertheless, we’re witnessing exactly that with the rise of crypto. Over just the last few years, since Bitwise was founded, crypto has evolved from an embryonic $50B market to a growing $3T+ juggernaut. This is an exciting moment for Bitwise as a firm. For eight years, we have established a track record of excellence managing a broad suite of index and active solutions across ETFs, separately managed accounts, private funds, institutional staking, and hedge fund strategies. This year, we crossed $15B in client assets and are growing quickly. Thousands of financial advisors, family offices, and institutional investors partner with Bitwise to understand and access the opportunities in crypto. We are known for providing unparalleled client support through expert research and commentary, a nationwide client team of crypto specialists, and deep access to the crypto ecosystem. Currently, Bitwise is a close-knit team of 100+ global professionals. Think of us as a mix of an asset manager and a tech start‑up. We’re backed by some of the most accomplished investors in venture capital and veterans of the financial services world. We love working together, we love what we do, and we’re excited about what’s ahead. About The Role Our engineering organization is growing, and with that growth comes an expanding application and infrastructure footprint that requires dedicated application security ownership. This role exists to build that function from the ground up. As our first dedicated Staff Application Security Engineer, you will own the design and implementation of our application security program, from SAST and DAST tooling to secure SDLC practices, threat modeling, dependency security, and penetration testing coordination. You will work directly with engineering teams across a cloud‑based environment securing both customer‑facing products and internal systems. You will be reporting directly to the Head of Security and will have the autonomy and organizational support to build an application security program that is practical, scalable, and aligned to the risk profile of a company operating in the digital asset space. Primary Responsibilities Static & Dynamic Application Security Testing (SAST / DAST) Own the full implementation of SAST tooling across all codebases and CI/CD pipelines Own the full implementation of DAST tooling across all customer‑facing and internal applications Establish baseline findings, prioritize remediation, and work directly with engineering to resolve issues Maintain and tune tooling over time as the codebase and attack surface evolve Secure SDLC & Code Integrity Define and enforce a secure software development lifecycle across engineering teams Establish secure release processes including code signing and build integrity verification Develop and maintain security standards, guidelines, and secure coding practices Integrate security checkpoints throughout the development pipeline without creating unnecessary friction for engineering Threat Modeling Lead threat modeling exercises for new infrastructure designs, features, and system changes Ensure all customer‑facing and internal applications are fully documented and threat modeled Maintain a living inventory of the company’s attack surface and ensure it reflects current architecture Apply blockchain‑specific threat modeling to smart contracts, bridge infrastructure, and custody‑adjacent systems, including multi‑sig signing flows and on‑chain/off‑chain trust boundaries Dependency & Supply Chain Security Implement and manage dependency scanning across all projects Enforce version pinning policies to reduce exposure from uncontrolled dependency updates Deploy and manage supply chain security tooling (e.g., Socket.dev or equivalent) to monitor for malicious or compromised dependencies Establish a process for ongoing dependency review and remediation Penetration Testing Define and maintain a penetration testing program covering all surface areas — applications, APIs, internal tooling, and infrastructure Scope, schedule, and manage third‑party penetration testing engagements Track findings through to remediation and validate fixes Secrets Management Design and implement a secrets management program across cloud infrastructure and engineering workflows Eliminate hardcoded credentials and secrets from codebases Establish policies and tooling for secrets rotation, access control, and audit logging Fuzzing & Attack Surface Coverage Implement fuzz testing across applicable components, particularly APIs and input‑handling logic Ensure coverage gaps in the attack surface are identified, documented, and addressed systematically Role Requirements 7+ years of experience in application security or a closely related discipline Demonstrated experience building or significantly maturing an application security program Deep hands‑on experience with SAST and DAST tooling implementation and management Strong knowledge of secure SDLC practices and CI/CD pipeline security integration Experience with dependency scanning and software supply chain security Proficiency in threat modeling methodologies (STRIDE, PASTA, or equivalent) Experience managing or coordinating third‑party penetration testing engagements Solid understanding of secrets management solutions (e.g., HashiCorp Vault, AWS Secrets Manager, or equivalent) Strong written and verbal communication skills — able to document findings and present risk clearly to both technical and non‑technical audiences Demonstrated experience securing blockchain‑connected systems, including smart contract security review, multi‑sig wallet architectures, and cross‑chain bridge protocols Working familiarity with common DeFi attack surfaces What We Offer Compensation: $185,000 to $260,000 + Equity Equity compensation as a component of all offers Health insurance, including dental and vision plans Health, Dependent Care and Commuter Flexible Spending Accounts Paid Parental Leave Life insurance; short‑and long‑term disability plans Company‑funded 401(k) plan, no matching required Unlimited PTO 10 paid company‑wide holidays Company‑wide winter break for most roles Office spaces in San Francisco, New York, and London Meals and snacks provided in office Paid company cell phone or stipend Bitwise “Buddy” Program (30‑day new‑hire success program) Annual anniversary gifts Company‑wide events including annual holiday party Internal Women of Bitwise (WOB) group with fun events Our Values Create “a ha” moments Move fast, with informed rationale Ask “What would the client want?” Show gratitude Your Interview Process Recruiter Interview Hiring Manager Interview Work Sample Meeting the Team Executive/Founders Interview References Offer! Bitwise is an equal opportunity employer. We are committed to building a team of people with a variety of backgrounds, perspectives, and skills. It is the policy of Bitwise to ensure equal opportunity. All candidates are considered without regard to race, color, religion, national origin, age, sex, sexual orientation, gender identity, marital status, ancestry, physical or mental disability, veteran status, or any other legally protected characteristics. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Please note that we do not sponsor visas for persons without work authorization in the United States. This role is for full‑time employees only (no B2B or contractors). Thank you! The Pay Range For This Role Is 185,000 - 260,000 USD per year (Remote) 185,000 - 260,000 USD per year (NYC Office) 185,000 - 260,000 USD per year (SF Office) 185,000 - 260,000 USD per year (London Office) #J-18808-Ljbffr Bitwise Asset Management
- ...Senior Application Security Engineer Want to work on building out security from the ground up at the leading edge of AI in healthcare globally? We're looking for a very experienced and highly motivated Senior Application Security Engineer to join our team as one of...SuggestedHourly payFull timeFlexible hours
$200k - $340k
...Application Security Engineer Palo Alto, CA About XAI XAI's mission is to create AI systems that can accurately understand the universe and aid humanity in its pursuit of knowledge. Our team is small, highly motivated, and focused on engineering excellence. This...SuggestedTemporary work$165k - $225k
...Senior Application Security Engineer Denver, CO or Long Beach, CA or SF Bay Area, CA Space is a warfighting domain. True Anomaly seeks those with the talent and ambition to build the technology that secures it. True Anomaly delivers decisive capabilities for space...SuggestedPermanent employmentShift work$325k - $405k
A leading AI research firm in San Francisco is seeking a Security Engineer for Application Security. The role involves identifying and mitigating security vulnerabilities, conducting assessments, and developing security tools. Ideal candidates will have extensive experience...SuggestedRemote job$180k - $220k
Senior Application Security Engineer, AI and Machine Learning San Francisco, California, United States; Seattle, Washington, United States Who We Are Lightning AI is the company behind PyTorch Lightning. Founded in 2019, we build an end‑to‑end platform for developing,...SuggestedWork at officeWork from homeFlexible hours2 days per week- We are seeking a Sr. Application Security or DevSecOps Engineer with broad set of experiences to have an early and formative impact in many areas of the ZetaChain security program. The ideal candidate will be responsible for ensuring the security of our applications throughout...Remote jobContract workFlexible hours
$200k - $235k
...we have focused on enabling our clients to securely navigate the digital asset space. With a... ...engagements. Secure next‑generation AI‑integrated applications by establishing input/output validation protocols and LLM guardrails. Engineer proactive defenses to safeguard platform...Full timeWork at officeWorldwide$165k - $190k
...world of TV advertising through the intelligent application of AI and machine learning, Tatari helps some... ...attestation, and a clear mandate to mature our security and privacy posture. We're looking for the right engineer to make it happen. The Role As our first dedicated...Work at office2 days per week$215k
Quanata is seeking an Application Security Engineer to ensure secure application development within our AI-native insurance platform. This role involves collaborating with Product, Engineering, and Security teams to integrate security controls throughout the software lifecycle...Remote job$231.9k - $318.25k
...directly with business data, and meets the highest standards of security and governance. AI is redefining what it means to build... ...program have grown with it. We’re looking for an Application Security Engineer who combines deep security fundamentals with real engineering...Shift work- Senior Security Engineer - Secure Code Review My client is seeking a Senior Security Engineer to join their Application Security practice. This role is ideal for a hands‑on AppSec professional with a strong software development background and deep experience performing...
$180k - $210k
..., go to . About the Role We’re looking for a Director of Application Security to architect and lead an AI‑native, agent‑driven Application... ..., real‑time risk signals, and deep integration with how engineers build software. Zeta is at the forefront of the AI‑native...Shift work$237.8k
...their data and AI are fully understood, secured, and resilient to enable the acceleration... ...We are looking for a Senior Security Engineer who thinks like a product architect and... ...to this processing. By submitting your application, you confirm that the information provided...Local areaWorldwideShift work$320k
...growing group of committed researchers, engineers, policy experts, and business leaders... ...systems. About the Role Anthropic's Application Security team secures the systems that build, serve... ...policy: Currently, we expect all staff to be in one of our offices at least 2...Visa sponsorship- ...support you need to grow your career. Engineering at Brex Engineering at Brex is about... ...intention. Our teams span Software, Data, Security, and IT, and operate with high... ...become leaders. What you’ll do As a Staff Application Security Engineer, you will define the...Work at officeRemote workWork from home3 days per week
- ...including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering... ...DeepMind, NVIDIA, and Databricks About the Role As our Security Engineer, Application & AI, you will own the security of our...Contract work
- ...the US, UK, Europe, Japan and Canada, and has been used for more than 500,000 patients worldwide. We are looking for an Application Security Engineer to work with our engineering team to ensure security is an integral part of our Software Development Lifecycle (SDLC)....Work at officeLocal areaWorldwideRelocation3 days per week
$155k - $225k
Attentive Mobile, Inc. is seeking a Senior Application Security Engineer to enhance security across their platforms. The ideal candidate will have over 5 years of security experience, particularly in application security, and be well-versed in programming with Java, Python...$140k - $180k
...headquartered in New York City with offices around the world. To learn more, go to About the Role We’re seeking a Lead Application Security Engineer to help advance Zeta Global’s application and platform security posture through AI-native security practices,...Full time- Applications Engineer, AI Server Software Performance This role serves as the technical bridge between engineering teams, customers, and strategic partners. The individual will lead training and inference benchmarking activities, support customer proof‑of‑concept engagements...Permanent employmentH1b
$405k
...group of committed researchers, engineers, policy experts, and business leaders... ...the role We are seeking a Security Engineering Manager to lead our Application Security team in ensuring the security... ...: Currently, we expect all staff to be in one of our offices at...Work at officeVisa sponsorshipFlexible hoursShift work- ...Application Engineer – Vinci4D.ai Join to apply for the Application Engineer role at Vinci4D.ai We are building an AI assistant for hardware design. Our product helps engineers explore, analyze, and optimize hardware systems, integrating cutting‑edge AI with the realities...
$125k - $160k
...based on your skills and experience — talk with your recruiter to learn more. Base pay range $125,000.00/yr - $160,000.00/yr Applications Engineer – Industrial Vision & AI Deployment ~50% Overnight Travel About the Opportunity A rapidly growing AI + computer‑vision scale...Night shift- ...Forward Deployed Engineer / Application Engineer – AI for EDA Solutions (Bay Area) Two openings are described below. This posting is presented by EDA CAREERS, (Technology Futures Inc.). Forward Deployed Engineer – AI for EDA Solutions Bay Area #7007 This company is reinventing...Full timeRemote workShift work
$130k - $175k
...Thank you for your interest in Uncountable Engineering! Description Uncountable is seeking experienced engineers to lead the transformation... ...to accelerate discovery through Generative AI. As an LLM Applications Engineer, you will be the architect of our LLM infrastructure...- ...cities are managed. Powered by a proprietary visual intelligence engine with full spatial reasoning, EchoTwin transforms municipal... ...challenges in real time. What You’ll Do We are seeking a skilled Application Engineer to join our team, focusing on deploying and...Flexible hours
- ...robots that automate food prep and assembly in commercial kitchens and food manufacturing. About the Role We are hiring an Applications Engineer to serve as the vital link between our customers and our engineering teams. This role spans the full customer journey, from...Flexible hoursNight shiftWeekend work
- ...across voice, chat, and email. Role Snapshot Role: Senior Software Engineer YOE: 4+ years of experience in full- stack software engineering... ..., sales, and customer success teams with enterprise-grade security. Why should you consider? Build real-world AI at scale at Solidroad...
$175k - $215k
...looking for someone to make sure it's built securely from the ground up. As part of the... ...ll be building it, working closely with engineering teams, shipping production code,... ...models ~ Production experience with application security tooling (SAST, DAST, SCA) and...Temporary work$180k - $258k
...founders. Role Overview We are looking for a Product Security Engineer to join our team and act as a champion for security within... ...engineering, specifically focusing on product security or application security. Technical Skills: Proficiency in one or...Shift work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Staff Application Security Engineer. Be the first to apply!
- assistant chief engineer San Francisco, CA
- technology administrator San Francisco, CA
- project engineer assistant project manager San Francisco, CA
- staff security engineer San Francisco, CA
- engineering aide San Francisco, CA
- senior staff systems engineer San Francisco, CA
- assistant electrical engineer San Francisco, CA
- staff design engineer San Francisco, CA
- research assistant engineering San Francisco, CA
- staff data engineer San Francisco, CA

