Security Engineer, Application Security
Mercor Alabaster
About Mercor Mercor's mission is to organize human intelligence to power the AI economy. We partner with leading AI labs and enterprises to provide the human intelligence essential to AI development. Our vast talent network trains frontier AI models in the same way teachers teach students: by sharing knowledge, experience, and context that can't be captured in code alone. Today, more than 30,000 experts in our network collectively earn over $3 million a day. Mercor is creating a new category of work where expertise powers AI advancement. Achieving this requires an ambitious, fast-paced and deeply committed team. You'll work alongside researchers, operators, and AI companies at the forefront of shaping the systems that are redefining society. Mercor is a profitable Series C company valued at $10 billion. We work in-person five days a week in our San Francisco, NYC, or London offices. You'll own application security at a company where the app layer is the highest-priority security surface. This is not a scan-and-triage role. You'll embed in the development lifecycle, review code for exploitable flaws, build security tooling into CI/CD, and drive vulnerability remediation across a platform serving 300K+ experts and enterprise clients processing sensitive AI training data. We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate code review and threat modeling, and automating away the repetitive work that slows AppSec programs down. If you'd rather write a CodeQL query than file a Jira ticket, you'll fit in here. We're in-person five days a week at our SF headquarters, with first Fridays remote.
What You'll Build:
What You'll Build:
- Security review workflows embedded in the SDLC - PR-level analysis that catches auth bugs, injection flaws, and business logic errors before they ship
- SAST/DAST pipelines integrated into CI/CD - shifting security left without slowing down deploys
- Vulnerability management processes that prioritize by real exploitability, not CVSS score
- Secure coding standards and guardrails that make the safe path the easy path for 50+ engineers
- Threat models for new features and architecture changes - especially around AI data pipelines, payment flows, and multi-tenant boundaries
- Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure
- You've found and fixed real vulnerabilities in production applications - not just run scanners
- Deep understanding of web application security: OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws
- Strong in at least one of Python, TypeScript, or Go - you can read a PR and spot the auth bypass
- Experience building or tuning SAST/DAST tooling (Semgrep, CodeQL, Snyk, Burp, or similar)
- You understand modern web frameworks, APIs, and authentication patterns well enough to threat model them
- Experience managing a vulnerability pipeline - from discovery through prioritization to verified remediation
- 5+ years of professional experience in application security, security engineering, or software engineering with a strong security focus
- Experience running or triaging a bug bounty program (HackerOne, Bugcrowd)
- Offensive security skills - you've done penetration testing and can think like an attacker
- Experience securing AI/ML applications - model serving APIs, training data pipelines, prompt injection defense
- Familiarity with supply chain security - dependency scanning, registry firewalls (Socket, Snyk)
- You've built custom security tooling that a team still uses
- Contributions to open source security projects or published vulnerability research
- The problem is real. Application security at scale is hard - you'll build defenses that matter across a fast-moving platform.
- AI-native AppSec. You'll use frontier AI tools daily - for code review, vulnerability analysis, and anything that benefits from an AI co-pilot.
- Ownership from day one. You'll own the entire application security domain - from code review processes to CI/CD security to bug bounty operations.
- See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market. Benefits
- Bi-annual performance bonus structure
- Generous equity grant vested over 4 years
- Up to $15k Relocation bonus
- $10K housing bonus (if you live within 0.5 miles of our office)
- $1.5K monthly stipend for meals
- Free Equinox membership
- $200 monthly laundry reimbursement
- $200 monthly personal wellness reimbursement
- Health, Dental, Vision insurance
Vacancy posted 2 days ago
Similar jobs that could be interesting for youBased on the Security Engineer, Application Security in New York, NY vacancy
- ...Security Engineer – Application Security Fragomen is seeking a Security Engineer – Application Security to join our talented Cyber Security team in our Technology Innovation Lab in Pittsburgh. We are looking for professionals who are passionate about security, capable...Application
$104k - $156k
...Overview Job Overview As an Advanced Security Engineer focused on Endpoint Security, you will design, build, and operate security controls... ...Qualifications Experience securing cloud-native applications / SaaS solutions and networks Familiarity with vulnerability...ApplicationRemote work- ...Finance is the engine of the global economy. It decides which ideas get built, which companies... ...will run on Rogo. The Role As a Security Engineer at Rogo, you’ll play a key role... ...strengthening the security of our products, applications, and cloud environments. You’ll identify...Application
$100k - $140k
...keep reading - this may be your next great opportunity. As a Security Engineer, you will be part of BlackCloak’s internal technology team... ...Trust principles into new programs and architecture designs. Application Security (Support) Support application security program strategy...ApplicationFull timeTemporary workRemote workHome officeFlexible hoursShift work$100k - $200k
...Trail of Bits is the premier place for security experts to boldly advance security and... ...attackers. Our research-based and custom-engineering approach ensures that our client’s... ...Trail of Bits seeks a Security Engineer, Application Security within our growing Software Assurance...ApplicationFull timeContract workRemote workWork from homeHome officeRelocation package- ...week in our San Francisco, NYC, or London offices. You’ll own application security at a company where the app layer is the highest‑priority... ...and guardrails that make the safe path the easy path for 50+ engineers Threat models for new features and architecture changes –...ApplicationRemote workShift work
- ...About the Team Security is at the foundation of OpenAI’s mission to ensure that artificial general intelligence benefits all of... ...engaging a robust security culture. About the Role As a Security Engineer, Application Security you will be responsible for identifying and...ApplicationWork at officeRemote workRelocation package
- ...our journey to create a better future of work with AI. About the role This is where security meets innovation at enterprise scale. As a security engineer, applications at WRITER, you'll be building the security foundations that protect the AI systems powering some...ApplicationFull timeWork at officeLocal areaFlexible hours
$195k - $240k
Here at Datadog, we think about offensive security a little bit differently. We embrace... ...environment, and we expect our offensive engineers to build the tooling that makes that... ...manage complexity at scale. It brings applications, infrastructure, data, models, and security...ApplicationWork at office- ...expertise, capable of driving enterprise security initiatives and influencing... ...resilience. As a Senior Security Software Engineer , you will design, lead, and deliver secure... ...that match your skills and capabilities. Applicants in the recruitment process may be required...ApplicationLocal areaWork from homeRelocation package
$164.8k - $228.4k
...Senior Security Engineer – Data Security Upstart’s Information Security team is dedicated to advancing security practices that enhance... ...production‑quality systems such as APIs, services, or internal web applications. Experience launching new security capabilities from 0 to 1...ApplicationCurrently hiringLocal areaRemote work- Security Engineering is the engineering function inside the Plaid security org that focuses on developing the industry‑leading security systems... ..., age, military or veteran status, disability, or other applicable legally protected characteristics. We also consider...ApplicationWork experience placementLocal area
- Simple Life is seeking a Senior Security Engineer to enhance application security and cloud-native infrastructure security. In this pivotal role, you will engage with technologies like Go, AWS, and Kubernetes to embed security in software development. The ideal candidate...ApplicationRemote job
- ...expertise, capable of driving enterprise security initiatives and influencing... ...resilience. As a Staff Security Software Engineer on GM’s Security Operations Engineering... ...accommodation to assist with your job search or application for employment, email us or call us at 1...ApplicationContract workLocal areaRelocation package
- Hexion is seeking a Senior Security Engineer to lead the security engineering function, enhancing the security of software development lifecycles... ...into all operational processes, leveraging expertise in application security tooling, cloud security posture management, and...ApplicationWork at officeRemote work
$110k - $140k
A fintech company in New York is seeking a proactive Security Engineer to safeguard their information systems. The role encompasses responsibilities in application and API security testing, incident response, and vulnerability management. The ideal candidate has over 3...Application$106k - $170k
...our customers and for**Position Overview:**The Blackstone Security Operations - Engineering team is growing to support new cross-functional security... ...equal employment opportunities to all employees and applicants for employment without regard to race, color, creed, religion...ApplicationWork at officeLocal areaFlexible hours- -Core Specialty is seeking a Senior Azure Cyber Security Engineer to serve as a hands-on technical leader and subject matter expert within... ...operating security controls across Azure, identity, endpoint, cloud application, and network security domains. This role operates in a fast-...ApplicationTemporary workWork at officeLocal areaRemote workRelocationWork visaFlexible hours
- A technology company based in New York seeks a Product Security Engineer to embed security practices into their development processes. Your... ...are met. Ideal candidates will have strong experience in Application Security and Cloud Security, as well as a solid understanding...Application
$200k - $225k
...maintaining its competitive edge. Your Team and Role: Blackstone’s Security Engineering (SecEng) Team is responsible for enabling secure software... ..., penetration testing, and secure design for AI-enabled applications and supporting platforms. You will also help define...ApplicationFull timeLocal area- the company | Senior Application Security Engineer, Product Security Engineer, Manager - Product Security | San Francisco / Chicago / New York | Hybrid I’m an Engineering Manager in Security at the company, and we’re actively hiring for three roles on our broader Product...Application
$165k - $215k
...us create it. Who you are Metropolis is seeking a Senior Security Engineer to establish and lead a dedicated infrastructure and network... ...by a number of variables, including, as appropriate, the applicant's qualifications for the position, years of relevant experience...ApplicationTemporary workWork at officeLocal areaRemote work$70k - $100k
• Job Details • Job Title: Japanese Bilingual Mid-Senior Network / Security Engineer • Client: Japanese IT Company • Working Location: New York, NY 10022 • Working Style: Hybrid (2-3 days/week onsite) • Employment Type: Full-time • Salary: $70,...Full timeFor subcontractorRemote workVisa sponsorshipWeekend work2 days per week3 days per week$99k - $232k
...Cybersecurity & Privacy Industry/Sector: Not Applicable Time Type: Full time Travel... ...to identify vulnerabilities, develop secure systems, and provide proactive solutions... ...experience in network security, cybersecurity engineering, or security consulting, including...ApplicationFull timeH1b$174k - $239k
...Secure Every Identity, from AI to Human Identity is the key to unlocking the potential... .... We are looking for a Staff Software Engineer that will join the Auth0 Security... ...In addition, Okta offers equity (where applicable), bonus, and benefits, including health,...ApplicationPermanent employmentLocal areaWorldwideFlexible hours- A tech consulting firm is looking for a Sr. Infrastructure Security Engineer to develop and enhance security systems across AWS, GCP, and... ...skills and experience with Infrastructure as Code. The ideal applicant thrives in a fast-paced environment and has a mindset focused...Remote job
- ...A leading technology firm is looking for a passionate Security Engineer to join their Product Security team. In this role, you will design secure architectures and develop tools that protect Chainlink and support the Web3 ecosystem. Candidates should have experience in...Remote work
- ...Senior Detection Engineer (SIEM / Security Observability) Remote, US Description Keeper Security is seeking a Senior Detection Engineer to... ...and instrumentation standards across cloud infrastructure, applications, endpoints, and identity systems Build and optimize log ingestion...ApplicationRemote work
$170.6k - $390k
...world to grow your career in information security! The opportunity The Senior... ...partnering closely with infrastructure, cloud, application, and security operations teams.... ...team as a Senior Manager in Cybersecurity Engineering, where you will play a pivotal role in...ApplicationSummer holidayRemote workFlexible hours- ...with large trading floor technologies, managing, troubleshooting and deployment of large-scale multicast architecture for trading applications. Detailed knowledge of network, transport and application protocols, BGP, MPLS, EIGRP, OSPF, VPC, 802.1Q, ether-channel, STP,...ApplicationRemote work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Security Engineer, Application Security. Be the first to apply!
Related searches
- information technology security engineer New York, NY
- principal security engineer New York, NY
- dlp security engineer New York, NY
- security engineering manager New York, NY
- endpoint security engineer New York, NY
- security engineer New York, NY
- offensive security engineer New York, NY
- sr information security engineer New York, NY
- senior application security engineer New York, NY
- security operations engineer New York, NY

