Pura · 1 day ago
Senior Staff Application Security Engineer
Pura is a company focused on reimagining fragrance through technology and innovation. As a Senior Staff Application Security Engineer, you will be responsible for leading the application security program, ensuring the safety of Pura's mobile apps, cloud backend, and IoT hardware while empowering engineering teams to maintain security best practices.
Consumer Electronics · Internet of Things · Marketplace · Smart Home · Subscription Service
Responsibilities
Lead the design and security review of AI-powered features, ensuring LLM safety (preventing prompt injection, data leakage, and RAG vulnerabilities)
Design and implement "secure-by-default" guardrails and automated security pipelines (SAST, DAST, SCA) that integrate seamlessly into GitHub Actions and CI/CD
Conduct deep-dive manual source code reviews of complex features, focusing on business logic flaws and authorization issues that automated tools miss
Lead proactive application-level threat hunting exercises to identify anomalies and indicators of compromise (IOCs) within the Pura cloud and IoT ecosystem
Own the end-to-end lifecycle of security findings, from triage and reproduction to partnering with engineering for remediation
Act as a technical mentor and "Security Champion" lead for the engineering organization
Perform architectural risk analysis and threat modeling for new product launches
Develop custom security tooling and automation scripts to reduce manual toil
Stay ahead of the curve on IoT security standards and emerging AI attack vectors
Collaborate with the Director of Security to define the AppSec roadmap and track meaningful security metrics
Serve as a technical lead during security incidents, conducting root-cause analysis and post-mortem improvements
Qualifications
Required
8+ years in Application Security or Software Engineering with a heavy security focus
At least 3 years in a Staff or Lead capacity
Expert-level knowledge of web, mobile (iOS/Android), and API security
Deep familiarity with the OWASP Top 10 and SANS Top 25
Proven experience securing LLM-based applications and understanding AI-specific risks (OWASP for LLMs)
Extensive experience with AWS/GCP security and securing IoT device-to-cloud communication
High proficiency in at least one modern language (Node.js, Python, Go) and the ability to perform manual code reviews in a polyglot environment
Strong experience with Infrastructure as Code (Terraform), container security (Docker/K8s), and CI/CD automation
Ability to simplify complex security risks for executive leadership while providing actionable, code-level guidance to developers
Company
Pura
Keurig built a marketplace for coffee brands; Pura is doing the same in home fragrance, with the biggest brands people know and love.
H1B Sponsorship
Pura has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2024 (1)
2021 (1)
2020 (1)
Funding
Current Stage: Growth Stage
Total Funding: $4.4M
Key Investors: Kickstart
2022-01-01: Series Unknown
2020-02-20: Seed · $4.4M
Recent News
Designers Today
2025-12-09
Global Cosmetic Industry Magazine
2025-12-06
Company data provided by Crunchbase