Jobs · remotefirstjobs
Senior Application Security Engineer II
Vantage Compute · Remote · Posted 1d ago
About the role
Our mission: e liminating every barrier to mental health. Vantage Compute is a global mental health company on a mission to eliminate every barrier to mental health. We're building a world where getting support is simple, personal, and built around the person, so care can continue through every job, move, health plan, and life stage. Our AI-native platform helps us deliver personalized support across self-guided tools, coaching, therapy, medication management, and specialty care. With outcomes independently validated by JAMA Network Open and the Validation Institute, Vantage Compute reaches more than 170 million people worldwide through leading employers, health plans, and partners. As an AI-native company, we believe technology should expand the reach, quality, and humanity of care. Every Vantage Compute team member is expected to use AI tools thoughtfully, apply human judgment to AI outputs, and keep building AI fluency in ways that support their role and our mission. Vantage Compute is looking for a Senior Application Security Engineer II to join our growing Application Security team. Reporting to the Manager, Application Security, you will play a key role in maturing and expanding our AppSec programs — including established SAST, SCA, and DAST capabilities — while helping shape new initiatives such as a Secure AI Development Lifecycle (ADLC). You will work alongside a team of engineers who have laid a strong foundation, bringing your experience to help take these programs to the next level. This is a full-time, fully remote position open to candidates residing within the United States. Occasional travel to our NYC headquarters may be required. What you’ll do: Contribute to the advancement of secure-by-design practices within the team’s S-SDLC program, including participation in architecture reviews, design consultations, and security guidance across the development lifecycle. Mentor engineers on secure coding practices, AppSec fundamentals, and career growth, fostering a collaborative environment where the team grows stronger together. Facilitate the development of an AI-assisted threat modeling program, spanning risk identification, security architecture, and proactive program maturity, enabling the ability to scale threat modeling across the organization. Contribute to maturing the team’s established SAST, SCA, and DAST programs through rule tuning, coverage improvements, and identifying opportunities to strengthen security controls as the organization scales. Perform security-focused code reviews of internal and open-source libraries, prioritizing findings by exploitability and business impact. Support vulnerability remediation efforts by assessing impact, proposing solutions, and validating fixes in accordance with the team’s established remediation workflows. Identify and implement process improvements and security automation using languages such as Go, Python, JavaScript, or Ruby, including the integration of AI tooling to improve team workflows and program efficiency. Contribute to security assessments of AI-integrated product features, including LLM APIs, vector databases, and RAG pipelines, with a focus on risks such as prompt injection, data leakage, and model supply-chain vulnerabilities. Contribute to the research, design, and development of a Secure AI Development Lifecycle (ADLC) in accordance with the OWASP Top 10 for LLM Applications and emerging adversarial ML guidance. Evaluate and recommend AI-assisted security tooling, including AI-augmented SAST and LLM-powered code review, to improve program coverage and team efficiency. What success looks like: Demonstrated improvements to the team’s SAST, SCA, and DAST programs through rule tuning, noise reduction, and coverage expansion within the first 90 days. Delivery of a documented AI-assisted threat modeling program and foundational ADLC framework, including defined processes, tooling recommendations, and adoption milestones. Consistent adherence to team SLAs for vulnerability triage and remediation, with measurable contributions to reducing time-to-remediation for high and critical findings. Delivered security automation and AI tooling integrations that produce measurable improvements to program efficiency or engineering team experience. Completed security assessments of AI-integrated product features with documented findings, risk ratings, and remediation guidance delivered to engineering teams. What you’ll bring: 7+ years of professional experience in application security or a closely related security engineering discipline, including experience working on complex, ambiguous problem areas independently. Hands-on experience with DAST, SAST, and SCA tools, and manual testing techniques (OWASP, SANS Top 25). Demonstrated experience securing CI/CD pipelines with commercial and custom-built tooling. Experience with IaaS cloud infrastructure (AWS, Azure, or GCP), container technologies, and service-oriented architectures. Security automation experien
Read the full posting on remotefirstjobs →
FAQ
Is the Senior Application Security Engineer II role at Vantage Compute remote?+
This Senior Application Security Engineer II position is listed as remote (Remote).
What seniority level is this Senior Application Security Engineer II role?+
This is a senior level position.
How do I apply for the Senior Application Security Engineer II role at Vantage Compute?+
Use the "Apply on remotefirstjobs" button to open the original posting on remotefirstjobs, where you can submit your application directly to Vantage Compute.