Senior Software Engineer, Application Security
Handshake · San Francisco, CA · 2 days ago
On-siteInformation Technology$176k–$220k/yrFull-time
About the role
Handshake was founded on a simple belief that everyone deserves a path to a great career, regardless of where they went to school or who they know. Today, we power 25 million job seekers, 1 million+ employers, and 1,600 educational institutions. In 2025, we started Handshake AI and built the fastest-growing AI data business in history. We work directly with frontier AI lab researchers to create evaluations, publish benchmarks, and push the boundary of data. We’ve grown from $0 to ~$1B run rate and pay ~$60M to over 30K individuals every month.
Responsibilities
- Own and grow key areas of our Secure Software Development Lifecycle (SDLC) like threat modeling, security reviews, and vulnerability management.
- Work collaboratively with and be a trusted partner for engineering teams.
- Eliminate whole classes of vulnerabilities by building secure by default libraries and tools into our platform.
- Raise the bar for security awareness by teaching others and sharing your knowledge.
- Build developer facing tooling to help engineers identify and fix security issues before they make it to production.
- Scale your impact and security knowledge by teaching others, automating processes, and leveraging AI and agentic tooling.
- Balance security and speed by using your judgement and expertise to add the right amount of security to our SDLC.
- Help respond to potential security incidents as a member of the security on-call rotation.
Requirements
- 5 - 8 years of experience.
- A builder mindset and experience working on large codebases and safely shipping code to production.
- A strong understanding of common application security risks (OWASP Top 10) and how to mitigate them.
- A pragmatic and empathetic approach to security controls that favors guidance over blocking and influence over mandates.
- Strong communication skills and the ability to communicate security risks and tradeoffs to both technical and non-technical audiences.
- Experience with threat modeling and risk assessments.
- Familiarity with securing and running software in a major cloud provider.
- Curiosity and a desire to use AI and agenting tooling to scale your and the security team’s impact.
- Experience working in Google Cloud (GCP) (a bonus).
- Experience writing production code in the most popular languages at Handshake: Ruby, Typescript and Go (a bonus).
- Experience building agentic systems to solve security problems (a bonus).
Qualifications
- Strong technical background in software development.
- Experience with cloud platforms such as Google Cloud (GCP).
- Experience with Ruby, TypeScript, and Go.
- Experience with threat modeling and risk assessments.
- Experience with secure coding practices and methodologies.
- Experience with cloud-native applications and infrastructure.
Skills
- Experience with cloud platforms such as Google Cloud (GCP).
- Experience with Ruby, TypeScript, and Go.
- Experience with threat modeling and risk assessments.
- Experience with secure coding practices and methodologies.
- Experience with cloud-native applications and infrastructure.
Benefits
Compensation Range: $176K - $220K