Thumbtack · 4 hours ago
Staff Application Security Engineer
United States
Full-time
Remote
Lead/Staff
$250K/yr - $323K/yr
8+ years expThumbtack helps millions of people confidently care for their homes, and they are seeking a Staff Application Security Engineer to enhance their cybersecurity posture. This role involves owning the technical direction for application security, leading cross-functional security initiatives, and embedding security into systems and developer workflows to support innovation.
Home ServicesLocalProfessional ServicesService Industry
Responsibilities
Own the long-term technical direction for application security across Thumbtack
Build prioritized roadmaps and drive remediation of systemic security risks across the application stack
Lead large, cross-functional security initiatives from problem definition through delivery
Design secure-by-default architectures, standards, and paved paths for engineering teams
Design and implement shared security tooling, libraries, patterns, and services that enable engineering to ship quickly and safely
Embed security into CI/CD pipelines, cloud infrastructure, and developer workflows
Partner with engineering and product leaders to prioritize security investments based on risk, impact, and business goals
Lead application security design reviews, architectural discussions, and threat modeling for critical systems
Contribute code, reviews, and designs to address complex or novel security risks
Mentor engineers and raise the overall security bar through guidance and example
Support security incident response and drive learning through post-incident analysis
Qualification
Required
8+ years of experience in software engineering and application security, including a strong understanding of secure coding practices and application security frameworks
Deep expertise in secure system design and architecture as well as modern application security tools, patterns, and practices (e.g. threat modeling, secure design patterns, authentication and authorization, secrets management, vulnerability discovery and remediation workflows)
Proven track record leading large, cross-functional technical initiatives with sustained impact
Strong experience securing modern, cloud-native systems (AWS and/or GCP)
Strong product intuition and analytical, risk-informed thinking, identifying where security investments will have the highest leverage and measurable impact
Ability to balance pragmatism and rigor, making thoughtful tradeoffs between risk, velocity, and maintainability
Strong sense of ownership and accountability, balancing hands-on technical execution with the ability to mentor others, raise standards, and drive organization-wide improvements in application security
Excellent written and verbal communication skills, with the ability to influence without authority and the ability to explain complex security issues to both technical and non-technical audiences
Company
Thumbtack
Thumbtack is a home services website connecting users with local service providers.
1001-5000 employees
H1B Sponsorship
Thumbtack has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (35)
2024 (48)
2023 (39)
2022 (53)
2021 (69)
2020 (47)
Funding
Current Stage
Late StageTotal Funding
$773.2MKey Investors
Qatar Investment AuthoritySequoia CapitalBaillie Gifford
2024-07-31Debt Financing· $75M
2021-06-15Series G· $275M
2019-07-22Series F· $150M
Leadership Team
Marco Zappacosta
Co-founder & CEO
Recent News
2025-12-02
Morningstar.com
2025-11-19
Company data provided by crunchbase