Handshake is a San Francisco, California-based company that has created a platform to provide opportunities for talented students seeking to be professionals in a meaningful career
Senior Security Engineer, Application Security
Location
California
Posted
26 days ago
Salary
$176K - $220K / year
Seniority
Senior
Job Description
Senior Security Engineer, Application Security
Handshake
Title: Senior Security Engineer, Application Security Location: San Francisco, CA Department: Engineering Employment Type Full time Compensation - $176K – $220K For cash compensation, we set standard ranges for all U.S.-based roles based on function, level, and geographic location, benchmarked against similar stage growth companies. In order to be compliant with local legislation, as well as to provide greater transparency to candidates, we share salary ranges on all job postings regardless of desired hiring location. Final offer amounts are determined by multiple factors, including geographic location as well as candidate experience and expertise, and may vary from the amounts listed above. Job Description: Senior Application Security Engineer At Handshake, we believe security should be built into the product, not layered on after the fact. We're looking for a Senior Application Security Engineer who’s excited to shape how security shows up in the developer experience, and enable our engineering teams to ship secure code without compromising on velocity. About the Role As a Senior Application Security Engineer, you'll play a critical role in protecting Handshake’s users and their data. You'll work closely with our engineering, platform, and cloud teams to make the secure way the easy way and embed security directly into how software gets designed, written, and shipped. This role is on our Cloud Security squad on our Infra & Platform team and is an engineering forward role. You’ll be building systems, tools, and automation that make secure development the default. You’ll bring a modern, opinionated perspective on how application security should work in a cloud-native, AI-enabled environment. What You'll Do - Own and grow key areas of our Secure Software Development Lifecycle (SDLC) like threat modeling, security reviews, and vulnerability management. - Work collaboratively with and be a trusted partner for engineering teams. - Eliminate whole classes of vulnerabilities by building secure by default libraries and tools into our platform. - Raise the bar for security awareness by teaching others and sharing your knowledge through - Design and build developer facing tooling to help engineers identify and fix security issues before they make it to production. - Scale your impact and security knowledge by teaching others, automating processes, and leveraging AI and agentic tooling. - Balance security and speed by using your judgement and expertise to add the right amount of security to our SDLC. - Help respond to potential security incidents as a member of the security on-call rotation. What We're Looking For - A builder mindset and experience working on large codebases and safely shipping code to production. - Strong understanding of common application security risks (OWASP Top 10) and how to mitigate them. - A pragmatic and empathetic approach to security controls that favors guidance over blocking and influence over mandates. - Strong communication skills and the ability to communicate security risks and tradeoffs to both technical and non-technical audiences. - Experience with threat modeling and risk assessments. - Familiarity with securing and running software in a major cloud provider. - Curiosity and a desire to use AI and agenting tooling to scale your and the security team’s impact. Nice to Haves - Experience working in Google Cloud (GCP) - Experience writing production code in the most popular languages at Handshake: Ruby, Typescript and Go. - Experience building agentic systems to solve security problems. Why This Role You’ll have real ownership over how application security is built and scaled at Handshake. This role sits at the intersection of security, developer experience, and AI, with the opportunity to define how all three come together. As part of a fast paced and growing business you will regularly get to work on new and interesting problems. If you care about building systems (not just processes), enjoy working closely with engineers, and want to rethink what modern application security looks like, we’d love to hear from you. Perks Handshake delivers benefits that help you feel supported—and thrive at work and in life. The below benefits are for full-time US employees. Ownership: Equity in a fast-growing company Financial Wellness: 401(k) match, competitive compensation, financial coaching Family Support: Paid parental leave, fertility benefits, parental coaching Wellbeing: Medical, dental, and vision, mental health support, wellness stipend Growth: Learning stipend, ongoing development Remote & Office: Internet, commuting, and free lunch/gym in our SF office Time Off: Flexible PTO, 15 holidays + 2 flex days Connection: Team outings & referral bonuses
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Sales Specialist, Data & AI Security
Veeam SoftwareYour Single Backup and Data Management Platform for Cloud, Virtual and Physical
• Develop and execute a territory plan to drive repeatable revenue within assigned accounts. • Collaborate with account executives to identify and maximize cross-sell opportunities for Securiti AI solutions. • Lead the entire sales process, serving as a trusted advisor, and presenting compelling business cases to customers. • Manage a pipeline of high-value opportunities, ensuring accurate forecasting and CRM discipline. • Expand relationships with key channel partners and resellers to accelerate deal flow and market reach.
• Design and implement secure reference architectures for Enterprise AI platforms that secures every Twilion’s engagement with them, ensuring data integrity, regulatory compliance, and resilience against evolving AI threats • Establish a definitive framework for AI vetting, driving the cultural and policy shifts needed to institutionalize this strategic mindset across the organization • Collaborate with cross functional partners to develop and set the long term roadmap for agentic AI identity and posture management, ensuring cohesive strategies for reducing risk from agentic AI use • Maintain and improve our enterprise security posture through high-quality code (Python, Go, or similar) and automated infrastructure management via IAC • Act as a technical mentor to junior engineers and a strategic advisor to leadership on the evolving AI landscape
Role Description We are looking for an experienced SAP GRC Lead to spearhead governance, risk, and compliance efforts in a large-scale life sciences digital transformation initiative. This role demands deep expertise in SAP GRC Access Control, Security & Authorization, and Identity Management, with a strong understanding of regulatory and audit requirements in a validated environment. - Lead the design, implementation, and management of SAP GRC Access Control solutions, including ARA, EAM, ARM, and BRM. - Define and enforce SAP security and authorization strategies across SAP S/4HANA and legacy environments. - Oversee role design, segregation of duties (SoD) analysis, and compliance reporting. - Implement and maintain SAP Identity Management (IDM) for user provisioning and lifecycle management. - Integrate GRC and IDM solutions with SAP Solution Manager / CALM to ensure seamless change control and transport compliance. - Collaborate with audit, compliance, and IT security teams to ensure adherence to GxP, SOX, and data privacy regulations. - Support remediation of audit findings and ensure alignment with internal controls and security best practices. - Provide leadership to cross-functional teams and manage offshore/onshore delivery resources. - Contribute to documentation, training, and change management activities related to security and compliance. Qualifications - 12+ years of hands-on experience in SAP GRC Access Control, including rule set design, risk analysis, and firefighting processes. - In-depth expertise in SAP Security and Authorization concepts, including Fiori roles, structural authorizations, and custom role design. - Strong working knowledge of SAP IDM and its integration with SAP systems for user lifecycle automation. - Experience with SAP Solution Manager (ChaRM, Test Suite) and/or SAP Cloud ALM (CALM) for change and compliance management. - Experience in Oil & Gas industry is nice to have. - Solid understanding of GxP, SOX, data privacy laws, and other regulatory frameworks. - Strong communication, stakeholder management, and leadership skills. Benefits - Work from Anywhere: Enjoy up to 25 days per year of remote work from any global location. - Recharge Freely: Take the time you need with flexible time off—beyond standard holiday allowances. - Connect as a Team: Use your team’s integration budget to meet, collaborate, and bond. - Celebrate Your Birthday: Receive a special gift from Fusion on your birthday. - Invest in Your Learning: Access CHF 1,500 annually for professional development. - Grow Your Skills: Join regular workshops and trainings to strengthen technical and soft skills. - Advance Continuously: Build the mindset, confidence, and capabilities to grow your career on your terms. - Shape an Inclusive Culture: Thrive in a workplace where your individuality is valued, and your voice drives meaningful change. - Earn What You’re Worth: Receive a competitive salary and benefits package that reflects your impact. - Refer Talent: Get rewarded for recommending new hires through our referral program. - Stay Rewarded: Access loyalty-based benefits starting from your third year via the Unity Scheme. - Relocate with Ease: Receive financial assistance when moving for work. - Navigate Global Moves: Get help with visas, permits, and international assignments. - Benefit Locally: Enjoy perks tailored to your country of residence. - Collaborate Globally: Work in a diverse, inclusive culture where global teamwork drives success.
Security System Engineer
Swiss IT Security Group AGSITS Group - Sicherheit braucht Partner: Als führende Unternehmensgruppe für IT Security stehen wir für eine ganzheitliche Sicherheit. Mit über 700 Mitarbeitenden vereint die SITS Group Erfahrung, Kompetenz, Ressourcen und Services hochkarätiger IT Security-Provider zu einem umfassenden Ganzen. Für unsere Kunden bieten wir mithilfe innovativer Lösungen und Technologien Gesamtkonzepte zur IT Security, die auf den Aspekten Schützen, Erkennen und Abwehren beruhen. Hilf uns die IT-Sicherheit unserer Kunden zu schützen und werde Teil unserer großartigen Vision mit einem einzigartigen Teamgeist. Contact Bei Fragen kannst Du Dich gerne per Email an Donika Krasniqi (Talent Acquisition Partner) wenden.
Role Description Willst Du, dass Deine Arbeit eine echte Bedeutung & spürbare Auswirkung für uns als Gesellschaft hat? Hast Du Lust mit einem grossartigen Team eine sichere, digitale Zukunft aufzubauen? Das ist noch nicht alles – bei uns erwarten Dich 40 Wochenarbeitsstunden mit flexiblen Arbeitszeiten und der Möglichkeit von Remote zu arbeiten. Du fühlst Dich angesprochen? Unser Team wächst stetig und wir suchen Dich als Security System Engineer (m/w/d) an unserem Standort Jona oder Basel, um unsere Kunden gemeinsam bestmöglich zu beraten und zu unterstützen. - Konzeption, Integration und Konfiguration moderner PKI- und Verschlüsselungslösungen bei unseren Kunden - Integration der jeweiligen Lösungen sowohl on-premise als auch in der Cloud inklusive Erstellung kundenspezifischer Dokumentation - Sicherstellung der Qualität auf Basis interner und kundenspezifischer Richtlinien sowie eigenständige Zusammenarbeit mit den Kunden Qualifications - Ausgeprägtes Interesse und technisches Fachwissen im Bereich Security sowie die Fähigkeit, sich schnell in neue Themen einzuarbeiten - Erfahrung in der Umsetzung von Projekten - Solides technisches Verständnis in den Bereichen PKI, HSM und Web-Applikationen - Erfahrung in der Integration von Komponenten in bestehende Systemlandschaften; fundierte Kenntnisse in Authentisierung, Autorisierung, Logging, Monitoring und Firewall - Analytisch-konzeptionelle Stärke, schnelle Auffassungsgabe sowie sicheres Auftreten, Kommunikationsfähigkeit, hohe Lernbereitschaft und gute Deutsch- und Englischkenntnisse - Bereitschaft zur Übernahme von Bereitschaftsdiensten Benefits - Wertschätzung: Eine offen-herzliche, respektvolle und wertschätzende Kommunikationskultur steht bei uns an erster Stelle. - Teamspirit: Es erwarten Dich spannende und vielseitige Aufgaben gepaart mit einem tollen und unterstützenden Team um Dich herum. Wir fördern nicht nur eine gesunde, sondern auch kollegiale Teamstruktur. - Onboarding & Einarbeitung: Wir legen großen Wert auf ein strukturiertes Onboarding und eine intensive Einarbeitung. Wir möchten, dass Du bei uns gut ankommst! - Work-Life-Blending: Wir bieten Dir die Option auf mobiles Arbeiten und flexible Arbeitszeitmodelle mit Fokus auf eine gesunde Work-Life-Balance. - Perspektiven: Du erhältst vielfältige Freiräume für kreatives Arbeiten, persönliche Entwicklungsoptionen und interessante Weiterbildungsmöglichkeiten – auch im Team. - Corporate Benefits: Auf Dich warten interessante und zahlreiche Mitarbeiterkonditionen. - Hire a Friend!: Empfehle Deinen Wunschkollegen! Unser lukratives Mitarbeiterempfehlungsprogramm liegt uns besonders am Herzen und macht sich auch für Dich bezahlt! - Modern Workplace: Du erhältst von uns eine moderne IT-Ausstattung (bspw. Firmenlaptop, Headsets, Zweitbildschirm etc.). - Grossartige Unternehmenskultur: Wir pflegen eine offene Du-Kultur und feiern legendäre grössere und kleinere Teamevents! Contact Bei Fragen kannst Du Dich gerne per Email an Donika Krasniqi (Talent Acquisition Partner) wenden.
