Senior Application Security Engineer

| Company | DFINITY |
|---|---|
| Location | San Francisco, CA, USA |
| Salary | $150000 – $235000 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Senior |

Requirements
- 5+ years of experience in product or application security roles.
- Strong proficiency in Rust and familiarity with web frontends, especially from a secure software development and auditing perspective.
- Hands-on experience developing or integrating fuzz testing and dynamic analysis tools.
- Deep knowledge of application security fundamentals, including secure coding, common vulnerabilities, and attack surface minimization.
- Demonstrated ability to identify and remediate complex security design flaws.
- Exposure to blockchain, smart contract, or Web3 systems security concerns and risk models.
- Excellent communication and collaboration skills in cross-functional environments.
Responsibilities
- Perform in-depth security design and code reviews, particularly in Rust and web frontends, and extending to system security aspects. Identify potential vulnerabilities and design flaws.
- Design, implement, use, and maintain static and dynamic analysis tools and fuzz testing frameworks for continuous security validation.
- Lead threat modeling sessions and proactively shape the secure design of complex systems.
- Leverage knowledge of application security attack vectors and standards such as OWASP, CWE, and CAPEC to inform secure development.
- Champion secure-by-design practices and partner closely with engineering to embed security throughout the SDLC. Promote security best practices within DFINITY and the ICP community.
- Contribute to incident response coordination and third-party vulnerability management.
- Contribute security expertise to systems that interact with Web3 technologies and decentralized architectures, identifying unique risks in blockchain-based applications.
Preferred Qualifications
- Experience contributing to open source security tools or frameworks.
- Familiarity with blockchain protocol-level vulnerabilities or smart contract audits.
- Familiarity with or proficiency in systems security is a strong plus, such as: experience with Trusted Execution Environments (TEEs) using AMD SEV-SNP; Linux OS and process isolation security, including syscall filtering, SELinux, seccomp, sandboxing untrusted processes, kernel vulnerabilities; hypervisor and virtualization security, including QEMU, VM isolation, guest-to-host escapes, side-channel attacks, container security.
- AI/LLM security expertise is a major plus — including understanding adversarial attacks, prompt injection, model data leakage, and safe deployment of deep learning models.
- Past work in environments with high-assurance security or regulated sectors is a bonus.