Pura Group Indonesia · 13 hours ago
Senior Staff Application Security Engineer
Pura is a company reimagining fragrance for the future, combining smart home technology with premium scents. The Senior Staff Application Security Engineer will lead the application security program, ensuring the security of Pura's ecosystem, including mobile apps, cloud-native backend, and IoT hardware, while designing secure workflows for engineering teams.
Manufacturing, Packaging Services, Printing, Project Management
Responsibilities
Lead the design and security review of AI-powered features, ensuring LLM safety (preventing prompt injection, data leakage, and RAG vulnerabilities)
Design and implement "secure-by-default" guardrails and automated security pipelines (SAST, DAST, SCA) that integrate seamlessly into GitHub Actions and CI/CD
Conduct deep-dive manual source code reviews of complex features, focusing on business logic flaws and authorization issues that automated tools miss
Lead proactive application-level threat hunting exercises to identify anomalies and indicators of compromise (IOCs) within the Pura cloud and IoT ecosystem
Own the end-to-end lifecycle of security findings, from triage and reproduction to partnering with engineering for remediation
Act as a technical mentor and "Security Champion" lead for the engineering organization
Perform architectural risk analysis and threat modeling for new product launches
Develop custom security tooling and automation scripts to reduce manual toil
Stay ahead of the curve on IoT security standards and emerging AI attack vectors
Collaborate with the Director of Security to define the AppSec roadmap and track meaningful security metrics
Serve as a technical lead during security incidents, conducting root-cause analysis and post-mortem improvements
Qualification
Required
8+ years in Application Security or Software Engineering with a heavy security focus
At least 3 years in a Staff or Lead capacity
Expert-level knowledge of web, mobile (iOS/Android), and API security
Deep familiarity with the OWASP Top 10 and SANS Top 25
Proven experience securing LLM-based applications and understanding AI-specific risks (OWASP for LLMs)
Extensive experience with AWS/GCP security and securing IoT device-to-cloud communication
High proficiency in at least one modern language (Node.js, Python, Go) and the ability to perform manual code reviews in a polyglot environment
Strong experience with Infrastructure as Code (Terraform), container security (Docker/K8s), and CI/CD automation
Ability to simplify complex security risks for executive leadership while providing actionable, code-level guidance to developers
Company
Pura Group Indonesia
This Pura Group Indonesia LinkedIn account has been redirected to the official Pura Group LinkedIn account (https://www.linkedin.com/company/puragroupindonesia/posts/?feedView=all).
Funding
Current Stage
Late Stage
Company data provided by Crunchbase