[Remote] Senior Application Security Engineer
Note: This is a remote position open to candidates in the USA. Hampton North is a company focused on securing a B2B2C SaaS platform through innovative application security measures. The Senior Application Security Engineer will lead efforts in securing AI-integrated applications, hardening CI/CD pipelines, and ensuring responsible AI adoption, while using AI-powered tools to strengthen security throughout the software development lifecycle.
Responsibilities
- Use AI-powered security and development tools every day (Claude Code, Claude Security, or comparable assistants) to accelerate vulnerability discovery, code review, threat modeling, and remediation across the SDLC
- Design and operate agentic security automation that orchestrates multi-step checks across the CI/CD pipeline, including AI-assisted auto-fix workflows and AI-native security gates
- Lead security architecture reviews and embed secure-by-design principles from initial design through deployment and ongoing operation
- Assess and mitigate AI-specific attack surfaces in LLM-integrated features, including direct and indirect prompt injection, context leakage, insecure tool use, and model denial-of-service
- Continuously refine threat modeling across application components, third-party integrations, cloud-native architecture, and AI/LLM-powered features
- Develop, enforce, and evolve secure coding standards through SAST, DAST, and SCA scanning, AI-assisted code review, periodic manual audits, and targeted developer training
- Own and evolve Application Security Posture Management, integrating static, dynamic, SCA, and runtime signals into risk-scoring that weighs exploitability, data sensitivity, and business impact
- Manage vulnerability triage and prioritization against exploitability, business impact, and compliance, aligning remediation timelines to risk tolerance
- Run the bug bounty program end to end: scope, triage and validate researcher submissions, assess severity, and engage the research community
- Mentor engineers and developers on secure coding, remediation, and effective use of AI-augmented security workflows
- Present findings, risk assessments, and program metrics to senior leadership, clients, auditors, and regulators
Skills
- Seven or more years in application security, software security engineering, or a closely related domain within production SaaS environments
- Regular hands-on use of AI-powered security and development tools (Claude Code, Claude Security, or comparable coding and security assistants) as part of your daily workflow, beyond evaluation or advisory use
- Experience building or operating agentic AI security workflows: multi-step autonomous automation, parallel subagent reviews, agent-to-agent handoffs, policy-driven automation
- Experience assessing AI-specific attack surfaces in LLM-integrated applications: prompt injection (direct and indirect), context leakage, insecure tool use, model denial-of-service
- Deep AWS security and Kubernetes security expertise, with cloud-native application security best practices
- Hands-on DevSecOps pipeline design and security testing across SAST, DAST, SCA, and penetration testing
- Ability to review and assess security risk in one or more of Java, C#, JavaScript/TypeScript, Python, Swift, Kotlin
- Secure authentication and authorization depth: OAuth 2.0, OIDC, SAML, JWT, WebAuthn, Zero Trust
- Security automation and scripting in Python and Bash
- Working command of OWASP Top 10, OWASP Top 10 for LLM Applications, SANS 25, CVSS, EPSS, and MITRE ATT&CK
- Secure context window management in AI products: context isolation boundaries, prevention of sensitive data leakage, data classification for model inputs
- Encryption standards, cryptographic best practice, and secrets management
- Ability to present risk clearly to technical and non-technical audiences, including senior leadership and external stakeholders
- Comfort working independently in a remote setting with high accountability
- CSSLP, OSCP, GWEB, or GWAPT
- Bachelor's in Computer Science, Cybersecurity, Information Assurance, Software Engineering, or a related field, or an equivalent combination of education and experience
- Experience evaluating AI provider security posture: API security reviews, data residency assessments, vendor risk questionnaires, contractual security requirements
- AI model access controls and secrets hygiene in AI pipelines: least-privilege for LLM tool integrations, securing model inference endpoints
- SIEM, WAF, and security monitoring tools
- AWS controls depth: IAM, security groups, KMS, Lambda security, cloud monitoring
Benefits
- Bonus (some flex DOE)
- Fully remote, US based
- Minimal travel, roughly two team gatherings per year
Company Overview