Senior Application Security Engineer

Company: Grindr
Location: San Francisco, CA, USA; Chicago, IL, USA
Salary: $138500 – $190000
Type: Full-Time
Degrees:
Experience Level: Senior, Expert or higher

Requirements

  • 8+ years of experience in Application Security, Software Security, or DevSecOps, with a focus on securing web, mobile, and cloud applications.
  • Proficiency in security tooling – Hands-on experience with SAST/DAST tools (e.g., SonarQube, Snyk, GitHub Advanced Security, Burp Suite, ffuf).
  • Deep expertise in secure software development – Strong knowledge of OWASP Top 10, secure coding practices, and ability to conduct code reviews to identify security flaws.
  • Cloud & Infrastructure Security – Experience securing cloud environments (AWS, GCP) and working with containerized architectures (Docker, Kubernetes) or similar.
  • Strong leadership & communication skills – Ability to lead security initiatives, influence engineering teams, and communicate security risks effectively to technical and non-technical stakeholders.
  • Experience with regulatory frameworks – Familiarity with SOX, GDPR, PCI, and SOC compliance and ability to ensure applications meet security and regulatory standards.

Responsibilities

  • Assess & Improve Security Posture – Partner with engineering teams to evaluate the security state of our applications (web, mobile, APIs), identify risks, prioritize security efforts, and drive remediation.
  • Build & Deploy Security Tooling – Architect and manage security solutions, including SAST, DAST, and Fuzzing tools, integrating them seamlessly into our DevSecOps pipelines.
  • Lead Secure SDLC Initiatives – Collaborate with developers to integrate security into CI/CD workflows, ensuring security is a core component of Grindr’s software development process.
  • Security Culture & Stakeholder Collaboration – Work cross-functionally with product, engineering, compliance, and executive teams to ensure security is prioritized and embedded into the company’s DNA.
  • Third-Party & Bug Bounty Programs – Manage security engagements with third-party organizations and oversee Grindr’s bug bounty program to identify and address vulnerabilities proactively.
  • Incident Response & Threat Modeling – Contribute to security incident response, forensics, and threat modeling efforts, ensuring proactive risk mitigation.
  • Mentor & Educate – Provide security guidance to engineers, conduct training sessions, and advocate for secure coding practices.

Preferred Qualifications

  • Experience leading bug bounty programs and working with external security researchers.
  • Hands-on development experience in web and mobile technologies (e.g., Node.js, JavaScript, Swift, Kotlin).
  • Familiarity with threat modeling frameworks and experience designing secure architectures for large-scale applications.
  • Knowledge of serverless and microservices security best practices.