AppSec Engineer

Job Description

Job Description

About Karbon

Karbon is the global leader in AI-powered practice management software for accounting firms. We provide an award-winning cloud platform that helps tens of thousands of accounting professionals work more efficiently and collaboratively every day. With customers in 40 countries, we have grown into a globally distributed team across the US, Australia, New Zealand, Canada, the United Kingdom, and the Philippines. We are well-funded, ranked #1 on G2, growing rapidly, and have a people-first culture that is recognized with Great Place To Work® certification and on Fortune magazine's Best Small Workplaces™ List.

Our Engineering Standards at Karbon:

Balance Speed and Quality

Engineers are expected to balance delivery speed with a strong commitment to quality, meeting agreed timelines while producing reliable, maintainable, and well-tested solutions. Sound judgment in making trade-offs between velocity and long-term sustainability is essential.

Collaborate Effectively

Engineering is collaborative by default. Team members are expected to contribute constructively in design discussions, reviews, and planning, communicate clearly about progress and risks, and support shared team outcomes in both hybrid and distributed environments.

Build and Maintain Systems

Engineers are responsible for building new capabilities while maintaining and improving existing systems. This includes designing scalable solutions, reducing technical debt, supporting operational stability, and contributing to continuous improvement.

Operate with Autonomy

A high degree of autonomy is expected. Given clear objectives, engineers should independently translate problems into actionable technical approaches, proactively identify improvements, and continuously expand relevant technical expertise.

Ownership and Accountability

Ownership is fundamental. Engineers are accountable for the quality, performance, and customer impact of their work from design through post-release support, and are expected to follow through on commitments.

AI-Enabled Engineering

AI is reshaping how software is built, and we are committed to leveraging it as a force multiplier for creativity, impact, and capability. Engineers are expected to confidently apply strong technical fundamentals while embracing AI tools and approaches to enhance productivity, problem-solving, and innovation. Curiosity, adaptability, and enthusiasm for integrating AI into meaningful product development are essential.

Contribute to Team Culture

Engineers contribute positively to a culture of professionalism, transparency, low bureaucracy, and mutual respect, strengthening team performance through authenticity, curiosity, and collaboration.

Seeking a development & cloud focused AppSec Engineer to join our expanding security team.

The ideal candidate will have passion for AppSec, Cloud and AI. They will be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes.

AI is reshaping practices across the board and at Karbon we're fully committed. We don't see AI as a replacement but as a force multiplier. We're looking for Security Engineers who are confident in network & security fundamentals, driven to grow, and excited by the challenges and opportunities AI brings.

What You'll Own:

• Partner with different areas within Karbon - You will make sure security is embedded from the start from feature design and development to participating in design reviews and threat modelling.
• Balance Security and Delivery - You know how to balance delivery needs with security and can communicate security risks and issues to non technical stakeholders. You understand when it's important to push back, when to compromise and how to work with delivery teams to reach a great outcome.
• You keep up to date on the latest technologies and approaches - You are excited by the new developments such as AI bring to security but also understand the importance of security foundational practices such as good account hygiene, least privilege, attack surface reduction and MFA.
• Identify and assess security risks introduced by AI tools - You'll assist with reviewing the risks of AI tooling usage & Integration and AI-generated code.
• Apply AI-assisted tooling to accelerate security work - you understand the impact AI can have and utilize it across many areas including triage, threat detection, code review, and documentation.
• Flexibility and confidence to work across multiple security domains - We're a small team responsible for Security at a fast moving company and you'll get exposure to many different security domains; you could be assisting with refining and investigating corporate IT security processes in the morning, reviewing a cloud hosted system after lunch and then tweaking detection rules!
• Work effectively as part of a team - Security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbon's security posture. You are happy to answer questions and offer advice to teams that will reach out for your assistance.
• Own your work - You take pride in your work, feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers' valuable data secure. This sense of ownership is paramount, and you share this commitment.
• Bring your passion and personality - Your creativity, curiosity, and authentic self make the team stronger. If you've worked in highly political environments, you'll find our culture, free from office politics and valuing openness and authenticity, a refreshing change.
• Help us measure improvement and steer our roadmap - Contribute to Security Metrics so we can track progress and feedback into our roadmap.

4+ years experience in a security or development role across most of the following:

• Collaborating with teams to review designs & implementations for security issues and embedding good security practices across software development
• Triaging issues and reports, assisting teams to remedy items and testing fixes
• Working with external penetration test companies to validate and prioritize findings
• Conducting risk and vulnerability assessments of web applications and APIs and third party suppliers and integrations
• Configuring and tuning SAST, SCA and DAST Tooling
• Working with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines)
• Assisting with implementing security focused alerting and detections and automations
• Conducting and facilitating organizational & developer focused security training
• Assisting with operational security items such as EDR alerts and MDM
• Contributing to our security roadmap

In addition you'll need:

• Strong communication skills (spoken and written)
• Some of the following Languages/Frameworks: Microsoft .NET/C#, JavaScript (we use React and EmberJS frameworks and, Python)
• At least one cloud platform: Azure, AWS or GCP (we use Azure predominantly)
• Working knowledge of PowerShell or Bash and Python
• Working knowledge of at least one AI development tool e.g. Claude Code, GitHub Co-Pilot etc
• Portswigger Burp or similar
• Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related are nice to have
• Experience with securing AI applications, systems and AI tooling would be highly regarded

Why Work at Karbon?

• Gain global experience across Australia, New Zealand, UK, and Canada
• Strong benefits package including:
• Flexible Time Off with an encouraged 4 weeks use per year
• Company paid medical for you and eligible spouse/partner and dependents
• Paid dental and vision and eligible spouse/partner and dependents
• 401(k) with company matching
• Flexible Spending Account
• Up to 8 weeks paid parental leave
• Work-from-home stipend
• Work with (and learn from) an experienced, high-performing team
• A collaborative, team-oriented culture that embraces diversity, invests in development and provides consistent feedback
• Be part of a fast-growing company that firmly believes in promoting high performers from within

As we hire across various locations within the USA we are required by law to include a reasonable estimate of the compensation range for this role.

The range provided is broad and takes into consideration a wide range of factors that are reviewed when making a hiring decision, such as physical location/cost of living in that location, years of experience, skills, and other business needs.

It is not typical for a candidate to be hired at or near the top of the pay range and each compensation decision is dependent on each individual case. The base salary is one component of the total compensation package, which for some roles may include a target bonus, for some roles very competitive equity grant, and very generous benefits. While we believe competitive compensation is a critical aspect of you deciding to join us, we do hope you also spend time considering why our mission, purpose and values are right for you. We are creating something transformational here, and we hope you are as excited about the future as we are!

The estimated base salary range for this role is:

$131,000—$169,000 USD

Karbon embraces diversity and inclusion, aligning with our values as a business. Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single criteria. If you've made it this far in the job description but your past experience doesn't perfectly align, we do encourage you to still apply. You could still be the right person for the role!

We recruit and reward people based on capability and performance. We don't discriminate based on race, gender, sexual orientation, gender identity or expression, lifestyle, age, educational background, national origin, religion, physical or cognitive ability, and other diversity dimensions that may hinder inclusion in the organization.

Generally, if you are a good person, we want to talk to you.

If there are any adjustments or accommodations that we can make to assist you during the recruitment process, and your journey at Karbon, contact us at View email address on ziprecruiter.com for a confidential discussion.

At this time, we request that agency referrals are not submitted for this position. We appreciate your understanding and encourage direct applications from interested candidates. Thank you!