[Remote] Staff Security Engineer, Application Security

Note: The job is a remote job and is open to candidates in USA. Homebase is a company that focuses on helping small businesses thrive by providing an everything app for hourly teams. They are seeking a hands-on Staff Security Engineer to lead and shape the Application Security domain, defining the strategy and architectural direction to secure their products while addressing security challenges related to AI-powered features.

Responsibilities

• Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs
• Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production
• Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform
• Drive security and product trade-off decisions at the architectural level, balancing protection with velocity
• Influence company-wide engineering practices and security investments through data-driven recommendations
• Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations
• Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity
• Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness
• Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure
• Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance
• Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale
• Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio
• Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements
• Embed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentation
• Partner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posture
• Pioneer a security partnership program, mentoring engineers across the organization, and driving a culture of shared security ownership
• Provide expert guidance during security incidents and lead post-incident analysis to drive systemic improvements
• Curate and author security guidance, patterns, and training content that raises the security bar organization-wide
• Influence security decisions at the department and company level; shape how Homebase invests in security capabilities

Skills

• 10+ years of progressive experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal level
• Deep software engineering experience in production environments, you write code, build tools, and think like an engineer first
• A proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scale
• Hands-on experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructure
• Strong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practices
• Proficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and Rails
• Experience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelines
• Exceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholders
• Demonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivity
• Experience defining application security strategy and maturity roadmaps for a high-growth, product-driven company
• A background in building AI-powered security tools or detection systems
• Speaking experience at security conferences, meetups, or community events
• Experience with threat modeling frameworks adapted for AI/ML systems

Benefits

• Stock options + TFSA/RRSP with 4% company match
• Comprehensive medical, dental, and vision for you and your dependents
• Flex time off + company holidays + designated focus periods
• We invest in builders and believe that curiosity shouldn't have a paywall. That means you'll have access to paid AI tools with minimal restrictions, so you can build, experiment, and level up your craft.
• Maternity/Parental Leave EI top-up support offered (after 6 months of service)
• Work From Anywhere Month + meeting-free weeks yearly
• Life insurance + short/long-term disability coverage
• Meals provided, team offsites, and Customer Days
• For employees located near one of our office hubs, Tuesday and Wednesday are our in-office collaboration days — a time to move faster as a team, build deeper connections, make better decisions, and build together.

Company Overview

Company H1B Sponsorship