[Remote] Staff Security Engineer, Application Security

Remote Full-time
Note: The job is a remote job and is open to candidates in USA. Homebase is a company that focuses on helping small businesses thrive by providing an everything app for hourly teams. They are seeking a hands-on Staff Security Engineer to lead and shape the Application Security domain, defining the strategy and architectural direction to secure their products while addressing security challenges related to AI-powered features.ResponsibilitiesDefine and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRsArchitect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach productionEvaluate emerging security technologies and make build-versus-buy decisions that shape the security platformDrive security and product trade-off decisions at the architectural level, balancing protection with velocityInfluence company-wide engineering practices and security investments through data-driven recommendationsLead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrationsDesign and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrityCreate AI-powered vulnerability detection and security automation that multiplies the team’s effectivenessPartner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructureStay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidanceBuild and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scaleOwn the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolioOwn the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvementsEmbed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentationPartner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posturePioneer a security partnership program, mentoring engineers across the organization, and driving a culture of shared security ownershipProvide expert guidance during security incidents and lead post-incident analysis to drive systemic improvementsCurate and author security guidance, patterns, and training content that raises the security bar organization-wideInfluence security decisions at the department and company level; shape how Homebase invests in security capabilitiesSkills10+ years of progressive experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal levelDeep software engineering experience in production environments, you write code, build tools, and think like an engineer firstA proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scaleHands-on experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructureStrong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practicesProficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and RailsExperience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelinesExceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholdersDemonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivityExperience defining application security strategy and maturity roadmaps for a high-growth, product-driven companyA background in building AI-powered security tools or detection systemsSpeaking experience at security conferences, meetups, or community eventsExperience with threat modeling frameworks adapted for AI/ML systemsBenefitsStock options + TFSA/RRSP with 4% company matchComprehensive medical, dental, and vision for you and your dependentsFlex time off + company holidays + designated focus periodsWe invest in builders and believe that curiosity shouldn't have a paywall. That means you'll have access to paid AI tools with minimal restrictions, so you can build, experiment, and level up your craft.Maternity/Parental Leave EI top-up support offered (after 6 months of service)Work From Anywhere Month + meeting-free weeks yearlyLife insurance + short/long-term disability coverageMeals provided, team offsites, and Customer DaysFor employees located near one of our office hubs, Tuesday and Wednesday are our in-office collaboration days — a time to move faster as a team, build deeper connections, make better decisions, and build together.Company OverviewHomebase is a software application that provides tools for employee scheduling, time tracking, communication, and task management. It was founded in 2014, and is headquartered in San Francisco, California, USA, with a workforce of 201-500 employees. Its website is http://www.joinhomebase.com.Company H1B SponsorshipHomebase has a track record of offering H1B sponsorships, with 1 in 2025, 3 in 2023, 6 in 2020. Please note that this does not guarantee sponsorship for this specific role.

Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Sales Representative - New Orleans - Vocera

Remote

Immediate Hiring: Entry Level/No Experience Data Entry Specialist – careerzynith

Remote

Experienced Customer Service Representative – Remote Work Opportunity with blithequark

Remote

[Remote] Sr. Cloud Security Engineer/Architect

Remote

**Experienced Part-Time Remote Data Entry Clerk – Flexible Hours, Competitive Pay**

Remote

Manager, Enterprise Communications

Remote

Integrated Resources is hiring: Cloud Developer (Remote). in Richmond

Remote

Experienced Spanish Speaking Customer Support Specialist – Remote Work Opportunity with arenaflex

Remote

Urgently Need Center-Based Registered Behavior Technician - $1,000 Sign ON Bonus in Carmel, IN

Remote

[Remote] Senior Real Estate Analyst (Affordable Housing)

Remote
← Back