Senior Application Security Engineer

· Remote

Location

Remote

Type

Full Time

Job Description

Apollo.ioJobs
Senior Application Security Engineer

Senior Application Security Engineer

Reposted 14 Hours Ago
Easy Apply
2 Locations
Remote
218K-273K Annually
Senior level
Artificial Intelligence • Enterprise Web • Information Technology • Productivity • Sales • Software • Database
Apollo is the only AI sales tool you need to sell scale and succeed.
The Role
Lead AppSec efforts across product platform and AI features by owning secure SDLC performing threat modeling and deep code reviews driving vulnerability management and remediation building AppSec tooling and automations (including AI-assisted workflows) and enabling engineering teams with secure design guidance and training.
Summary Generated by Built In

Apollo.io is the leading go-to-market solution for revenue teams trusted by over 500000 companies and millions of users globally from rapidly growing startups to some of the world's largest enterprises. Founded in 2015 the company is one of the fastest growing companies in SaaS raising approximately $250 million to date and valued at $1.6 billion. Apollo.io provides sales and marketing teams with easy access to verified contact data for over 210 million B2B contacts and 35 million companies worldwide along with tools to engage and convert these contacts in one unified platform. By helping revenue professionals find the most accurate contact information and automating the outreach process Apollo.io turns prospects into customers. Apollo raised a series D in 2023 and is backed by top-tier investors including Sequoia Capital Bain Capital Ventures and more and counts the former President and COO of Hubspot JD Sherman among its board members.

Role Overview

The Senior Application Security Engineer II is a senior individual contributor responsible for strengthening Apollo’s secure software development lifecycle and reducing application risk across product platform and AI-powered features.

This role blends deep code-level application security work with strong cross-functional partnership. It includes application security reviews threat modeling AppSec tooling findings triage and remediation follow-through external testing intake and developer enablement.

This role is calibrated at the L6 senior-IC level: owning semi-annual or annual goals solving ambiguous problems with sound judgment improving operational processes and driving meaningful cross-team collaboration and influence.

Key ResponsibilitiesSecure SDLC design review and threat modeling
  • Own and continuously improve the secure software development lifecycle for Apollo applications so security is embedded into design implementation and deployment.
  • Perform application security reviews threat modeling and deep code-level analysis for high-impact product platform and AI features before launch.
  • Provide practical security architecture guidance to Engineering Product and IT teams.
  • Help define and maintain application-security guardrails secure design expectations code review standards and risk models for new and existing systems.
Vulnerability management and hands-on remediation
  • Drive execution-heavy vulnerability management across internal reviews bug bounty pentests SCA/runtime findings and other research signals ensuring findings are validated prioritized routed clearly and tracked through remediation and verification within SLAs.
  • Go beyond identifying issues: read the code explain root cause propose the safest fix and directly implement or support remediation when needed for complex vulnerabilities.
  • Perform hands-on validation and offensive security testing of applications and fixes including exploit development bypass testing adversarial thinking and focused red-team-style exercises to confirm remediations address the underlying issue rather than only the initial symptom.
  • Work across the kinds of application security issues common in modern SaaS environments including authentication and authorization weaknesses access control risks OAuth and CSRF design flaws SSRF cryptographic and verification issues information disclosure and data exposure risks unsafe execution and deserialization patterns and dependency or runtime vulnerabilities.
  • Apply clear risk-based severity decisions using exploitability data sensitivity customer impact and blast radius.
Tooling automation and AI
  • Configure and improve AppSec tooling and integrations including SAST configuration ignore lists dashboards and other controls that maintain useful coverage without excessive noise.
  • Select build or refine security tooling small automations and workflow enrichments that reduce manual effort and scale AppSec operations responsibly.
  • Use AI to automate transform and scale security and engineering-adjacent processes where it materially improves speed consistency or signal quality while still validating outputs with strong engineering judgment.
  • Embed AI-specific security checks into SSDLC reviews and code analysis including input and output handling AI-exposed APIs prompt and response guardrails and abuse or data-exfiltration paths.
  • Partner cross-functionally on AI security requirements and controls so AI systems and AI-powered features are designed deployed and operated securely.
Engineering enablement and partnership
  • Support and scale security enablement for engineers and security champions including secure coding AppSec and AI-safety content.
  • Provide actionable remediation guidance secure patterns and examples that help engineering teams fix issues quickly and correctly.
  • Partner closely with Engineering Product Platform Data Legal and other security teams to keep AppSec priorities aligned with business risk and product velocity.
  • Produce clear documentation metrics and written narratives that improve AppSec visibility observability and decision-making.
What Good Looks Like at L6
  • Owns meaningful AppSec goals over a semi-annual or annual horizon and independently identifies the right solutions to ambiguous open-ended problems.
  • Drives cross-team collaboration and operational improvements beyond isolated tickets or one-off reviews.
  • Makes informed decisions by balancing technical detail business context customer trust and long-term risk.
  • Sets a high bar for ownership communication mentoring and technical judgment and helps raise the effectiveness of peers and partner teams.
Required Skills & Experience
  • 5+ years of software engineering or application security experience with meaningful hands-on AppSec depth in modern SaaS environments.
  • Strong software development skills and the ability to read write and ship production code; Ruby experience is highly valuable and Python or similar scripting ability is a plus.
  • Strong Linux and cloud fundamentals ideally with experience in GCP-backed environments.
  • Deep familiarity with common AppSec issues secure design secure authentication and authorization patterns vulnerability management and developer security tooling.
  • Demonstrated ability to perform deep code review penetration testing and exploit-oriented validation and to either fix vulnerabilities directly or work closely with engineers to land durable remediations that hold up against bypass attempts and variant analysis.
  • Experience handling findings from bug bounty pentests internal reviews or automated security tooling through closure and verification.
  • Experience using AI-assisted tools automations APIs or structured workflows to improve engineering or security processes at scale.
  • Experience securing AI-powered systems or features including AI API exposure prompt and response handling data protection misuse scenarios and monitoring expectations.
  • Strong written and verbal communication stakeholder management and influencing skills across technical and non-technical partners.
Preferred Qualifications
  • Experience supporting or leading security reviews for AI-native products internal agents or AI-assisted engineering workflows.
  • Experience improving secure-by-design practices and AppSec observability in a fast-moving engineering organization.
  • Experience with security training developer enablement or security champions programs.
  • Relevant security certifications are a plus.
Example Success Outcomes
    • Improve the health and flow of AppSec findings by keeping prioritization remediation and verification moving within defined SLAs.
    • Complete recurring application reviews or threat models for important systems and features.
    • Increase engineering adoption of secure patterns AppSec tooling and security training.
    • Reduce manual toil and improve AppSec signal quality through targeted automation and responsible use of AI-assisted workflows.

The listed Pay Range reflects the total cash compensation inclusive of annual base salary and annual bonus as applicable. For sales roles the range provided is the role’s On Target Earnings ("OTE") range meaning that the range includes both the sales commissions/sales bonus target and annual base salary for the role. This salary range may be inclusive of several career levels at Apollo and will be narrowed during the interview process based on a number of factors including the candidate’s experience qualifications and location. Applicants interested in this role who are not located in the US may request the annual salary range for their location during the interview process.

Additional benefits for this role may include: equity; company bonus or sales commissions/bonuses; 401(k) plan; at least 10 paid holidays per year flex PTO and parental leave; employee assistance program and wellbeing benefits; global travel coverage; life/AD&D/STD/LTD insurance; FSA/HSA and medical dental and vision benefits.

Tier 1 Pay Range (San Francisco New York City Seattle)
$218000$273000 USD
Tier 2 Pay Range (All other US Locations)
$190000$237000 USD
We are AI Native

Apollo.io is an AI-native company built on a culture of continuous improvement. We’re on the front lines of driving productivity for our customers—and we expect the same mindset from our team. If you're energized by finding smarter faster ways to get things done using AI and automation you'll thrive here.

Why You’ll Love Working at Apollo

At Apollo we’re driven by a shared mission: to help our customers unlock their full revenue potential. That’s why we take extreme ownership of our work move with focus and urgency and learn voraciously to stay ahead.

We invest deeply in your growth ensuring you have the resources support and autonomy to own your role and make a real impact. Collaboration is at our core—we’re all for one meaning you’ll have a team across departments ready to help you succeed. We encourage bold ideas and courageous action giving you the freedom to experiment take smart risks and drive big wins.

If you’re looking for a place where your work matters where you can push boundaries and where your career can thrive—Apollo is the place for you. 

Learn more here!

Skills Required

  • 5+ years of software engineering or application security experience
  • Strong software development skills; ability to read write and ship production code
  • Experience with Ruby
  • Experience with Python or similar scripting
  • Strong Linux fundamentals
  • Cloud fundamentals
  • Experience with GCP-backed environments
  • Deep familiarity with common AppSec issues secure design authentication and authorization patterns and developer security tooling
  • Demonstrated ability to perform deep code review penetration testing exploit-oriented validation and remediation support
  • Experience handling findings from bug bounty pentests internal reviews or automated security tooling through closure and verification
  • Experience using AI-assisted tools automations APIs or structured workflows to improve engineering or security processes at scale
  • Experience securing AI-powered systems or features (AI API exposure prompt/response handling data protection misuse scenarios)
  • Strong written and verbal communication stakeholder management and influencing skills
  • Experience supporting or leading security reviews for AI-native products or AI-assisted workflows
  • Experience improving secure-by-design practices and AppSec observability in fast-moving engineering organizations
  • Experience with security training developer enablement or security champions programs
  • Relevant security certifications

What the Team is Saying

Allie
Gabriel
Alexa
Michelle
Alekhya
Cam
Jennifer
Vince

Apollo.io Compensation & Benefits Highlights

  • Leave & Time Off BreadthFlexible/unlimited PTO is standard paid holidays are included and employees can and do take time off.
  • Healthcare StrengthMedical dental and vision coverage are available across supported countries with additional mental-health/coaching support and U.S. plan options.
  • Parental & Family SupportAn expanded global parental leave program provides lengthy paid leave for birthing and non-birthing parents.

Apollo.io Insights

Am I A Good Fit?
beta
Expert contributor network
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
850 Employees
Year Founded: 2015

What We Do

Apollo is a $1.6B AI-powered sales platform that helps revenue teams find and engage leads automate outreach manage deals and enrich data — all in one place. Known for its industry-leading B2B database of more than 210 million contacts and 35 million companies Apollo’s end-to-end platform helps businesses of all sizes unlock their full market potential with unparalleled precision and ease. Trusted by 500000+ companies including Autodesk Cyera and DocuSign Apollo is building the number one go-to-market platform to make the sales process intelligent turnkey and accessible for all. Visit [apollo.io](http://apollo.io/) to learn more.

Why Work With Us

Apollo is building the #1 AI-powered go-to-market platform trusted by 500000+ companies. We move fast invest in our people and promote from within. You'll work on meaningful problems with a curious driven team that values ownership growth and impact. Join us and help shape the future of sales.

Gallery

Apollo.io Teams

Team
Sales
Team
Engineering
About our Teams

Apollo.io Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

We offer both remote and in-person roles so you can work from home or from one of our growing office hubs.

Typical time on-site: Not Specified
HQUS - Remote
Mexico City
Austin Texas
Salt Lake City UT
Learn more

Similar Jobs

Apollo.io

Senior Software Engineer

Artificial Intelligence • Enterprise Web • Information Technology • Productivity • Sales • Software • Database
Easy Apply
Remote
Canada
850 Employees
55K-130K Annually
Apply Now

Date Posted

07/08/2026

Views

0

Back to Job Listings Add To Job List Company Profile View Company Reviews
Neutral
Subjectivity Score: 0
142,000+ Jobs Tracked
12,400+ Companies
1,930 Categories