Senior Application Security Engineer

Hippo

Hybrid

Quick summary

Work type: Hybrid
Location: Austin, TXDallas, TX
Posted: 57 days ago
Nearby: 99+ roles within 25 mi

Market check

Salary context

How this pay compares to similar roles

Similar $197k

$155k most similar roles pay here $239k

This listing doesn't post a salary. Most similar roles pay $163,375–$231,081.

Based on 240 similar postings.

Employer

About Hippo

Hippo Insurance is a home insurance company that offers proactive home insurance products using smart home technology and data to help homeowners prevent claims before they happen. Industry: Insurance Technology & Homeowners Insurance

Hippo currently has 7 open roles on FindRole.

Most-posted roles

View all roles at Hippo

At a glance

TL;DR · Senior Application Security Engineer

Apply Now Log in to save

The Senior Application Security Engineer role at Hippo is a senior individual contributor position within the cybersecurity team, focusing on driving application security outcomes across engineering. This expert will provide deep technical guidance and influence secure design decisions in modern web applications, APIs, distributed systems, and cloud environments. Key responsibilities include conducting architecture reviews, identifying risks, and mentoring engineers to embed secure practices. The ideal candidate has over six years of experience in application security, with expertise in authentication protocols, CI/CD pipelines, and automated tooling like SAST and DAST. Familiarity with Kubernetes and container security is a plus, as is threat modeling and adversarial testing experience. This role emphasizes technical leadership, cross-functional collaboration, and elevating the overall security maturity of engineering teams.

Skills

Python Java OAuth2 OIDC SAML JWT MFA Kubernetes Terraform AWS CI/CD Docker PostgreSQL SAST DAST SCA Prometheus Grafana

What you'll do

Serve as a senior subject matter expert in application security, providing authoritative guidance.
Identify and assess application-centric security risks across code, CI/CD pipelines, identity systems, and cloud environments.
Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact.
Apply threat modeling and adversarial thinking to inform defensive improvements and strengthen application resilience.
Mentor engineers and security partners across teams to improve secure design and decision-making at scale.

What we're looking for

6+ years of experience in application security or product security roles.
Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms.
Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).
Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective.
Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection).
Proven ability to review system designs, data flows, and identify architectural security risks.
Proficiency in one or more modern programming languages.

Save