Lead Application Security Engineer
Role Overview
The Lead Application Security Engineer at Adaptive Security will be responsible for overseeing the application security posture, defining security standards, and conducting security reviews and threat modeling. This senior-level role requires strong engineering skills to work within the codebase and a proactive approach to vulnerability management and incident response, directly impacting the company's security practices as it expands its offerings.
Perks & Benefits
This fully remote position offers high autonomy as you build the application security function from scratch. The role likely includes opportunities for career growth in a fast-paced startup environment focused on AI cybersecurity. While specific benefits are not detailed, typical perks may include flexible working hours and a culture that encourages innovation and collaboration.
Full Job Description
About Adaptive
NVIDIA and OpenAI’s only AI cybersecurity investment.
Adaptive is a cybersecurity startup on a mission to stop AI-powered cyberattacks. In December 2025, the company announced an $81M Series B led by NVIDIA and Bain Capital Ventures, with participation from Capital One Ventures, Citi Ventures, and continued support from Andreessen Horowitz (a16z), the OpenAI Startup Fund, and Abstract Ventures. The round marked NVIDIA’s first AI cybersecurity investment.
Adaptive was founded by Brian Long and Andrew Jones, repeat entrepreneurs who have built and scaled category-defining companies. Brian and Andrew previously co-founded Attentive, which grew to more than $500M in annual revenue and a $10B+ valuation, and TapCommerce, which was acquired by Twitter. Together, they bring deep experience building high-growth, product-led businesses at massive scale as Adaptive builds the security layer for the AI era.
Trusted by leading banks, technology companies, and healthcare organizations, Adaptive protects teams from emerging threats like deepfakes, smishing, and AI-powered voice scams. With rapid enterprise adoption and a $200B+ market ahead, the company is just getting started.
Role
Adaptive Security is the fastest-growing company in AI cybersecurity. We started by protecting organizations from AI-powered social engineering - deepfake phone calls, spear phishing, SMS-based threats - and we're now expanding into email security and browser security. Our customers integrate us deeply into their Google Workspace, Microsoft 365, and email infrastructure, and that attack surface is growing fast. We're a security company and our own security posture has to be best in class.
We're looking for an Application Security Engineer to own application security across Adaptive. You need to be a strong enough engineer to work inside our codebase (Java + Spring Boot services, TypeScript + React frontend, and Terraform for managing AWS infrastructure) and a strong enough security practitioner to find what others miss. We want someone who finds the vulnerability, opens the PR to fix it, and builds the systems that prevent the next one.
Responsibilities
Own Adaptive's application security posture end-to-end. Define security standards for our products, infrastructure, and development process and make sure they're followed.
Conduct security reviews and threat modeling for new features, integrations, and architecture changes. Our attack surface is growing as we add deeper customer integrations and expand internationally.
Build security into CI/CD. Automate static analysis, dependency scanning, secrets detection, and container security so vulnerabilities are caught before they ship.
Perform penetration testing against our own applications and infrastructure. Find the bugs before external researchers or attackers do.
Drive vulnerability management across our application and infrastructure stack. Triage findings from automated tooling and pen tests, prioritize by risk, and push remediation to closure with engineering.
Lead the security incident response process for application-layer events. When something happens, you lead the investigation and remediation.
Manage our approach to external security testing - bug bounty programs, third-party pen tests, and customer security assessments.
Own AWS security across our entire cloud architecture — IAM hardening, misconfiguration detection, and building the controls that keep our posture clean as the environment grows.
Qualifications
5+ years of experience in application security, with demonstrated ability to find and exploit vulnerabilities in web applications and APIs (OWASP Top 10 and beyond).
Strong software engineering skills. You can read, write, and ship production code in Java, TypeScript, or similar languages.
Experience with cloud infrastructure security on AWS (IAM, VPC, ECS, S3, RDS, or equivalent services on other providers).
Hands-on experience with security tooling in CI/CD pipelines - SAST, DAST, SCA, container scanning, or similar.
Familiarity with compliance frameworks relevant to enterprise SaaS (SOC 2, HIPAA, GDPR) and the ability to translate compliance requirements into engineering work.
High autonomy. You're building this function from scratch and are expected to set priorities and drive them.
Compensation & Benefits:
Competitive cash compensation and meaningful stock.
Several medical plans to choose from, most covered at 100% by Adaptive.
401k through Vestwell.
Unlimited PTO, including winter break from Dec 24 - Jan 1.
A fantastic office atmosphere including coffee, espresso, lounge, snacks, whiteboards, and tons of conference space.
Rotating choice of 4 free lunch options from local restaurants every day.
Expense dinner if you’re in the office past 7pm. Expense Uber if you happen to stay past 9pm.