Source Job

$175,000–$200,000/yr
United States Dominican Republic Canada

  • Lead application and product security across Forward-built, third-party, and AI-built software.
  • Evolve the pentest program to aggressively test and remediate vulnerabilities in existing and new software.
  • Build and integrate AI solutions within the appsec function.

Application Security Penetration Testing AWS Python Vulnerability Management

20 jobs similar to Team Lead, AppSec

Jobs ranked by similarity.

$131,250–$150,000/yr
United States Canada Dominican Republic Unlimited PTO

  • Lead application and product security across Forward-built, third-party, and AI-built software.
  • Evolve the pentest program and proactively build AI solutions within the appsec function.
  • Own remediation workflows and partner with teams to build controls for external exposure.

Forward Financing is a financial technology company that unlocks capital for small businesses across America. They are a recognized Best Place to Work with a remote-first culture and team members across the US, Canada, and Dominican Republic.

Canada

  • Lead a specialized team of security engineers focused on application, cloud, and AI system security.
  • Champion shift-left security practices including threat modeling, secure code review, and developer training.
  • Define cloud security standards and enforce security for AI systems including LLM-based agents.

Acquia empowers ambitious brands to create digital customer experiences using open source Drupal. Headquartered in Boston, MA, it is a Great Place to Work-Certified company and among the world's top software companies.

India

  • Partner with engineering, product, and DevOps teams to integrate security practices throughout the SDLC, focusing on cloud-native environments and automated pipelines.
  • Design, implement, and maintain security tooling and gates within CI/CD pipelines covering SAST, DAST, SCA, secrets detection, and container scanning.
  • Lead threat modeling, conduct application security assessments including code review and manual penetration testing, and triage bug bounty reports.

Hyland is the pioneer of the Content Innovation Cloud, delivering ubiquitous enterprise intelligence to organizations. With a team of nearly 4,000 employees, the company fosters an employee-centric culture focused on community impact and innovation.

$175,000–$215,000/yr
US 4w PTO 12w maternity 12w paternity

  • Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
  • Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
  • Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.

Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.

$60,000–$211,000/yr
Canada

  • Embed secure-by-design principles across cloud, SaaS, and AI-driven systems.
  • Lead threat modeling sessions and security design reviews for applications, APIs, and microservices.
  • Define security standards, mentor engineers, and drive organization-wide risk reduction programs.

Jobgether uses an AI-powered matching process to connect candidates with hiring companies quickly and objectively. They are a remote-first, globally distributed company with an inclusive engineering culture.

US 5w PTO

  • Own key security domains such as vulnerability management, application security, API security, and supply chain security.
  • Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
  • Develop and improve security tooling and automation to reduce manual effort and leverage AI for triage and detection.

NinjaTrader is an industry-leading trading platform and futures broker that empowers traders with award-winning software and brokerage services. Since 2003, the company has grown to over 2 million users and is the number one rated futures brokerage worldwide, fostering a dynamic culture focused on social connection, professional development, and employee recognition.

$82,550–$170,180/yr
UK

  • Lead penetration testing engagements on applications with complex technology stacks, working independently and collaboratively.
  • Contextualize vulnerabilities and assess realistic impact to clients, ensuring quality reports and services are delivered efficiently.
  • Maintain strong depth of knowledge in application security and mentor teammates while collaborating with project managers and delivery teams.

Coalfire is a cybersecurity firm that helps clients navigate complex security challenges through advisory, assessment, and automation services. The company is headquartered in Chicago with offices across the U.S. and U.K., and supports clients worldwide with a team of passionate cybersecurity experts.

$120,000–$154,440/yr
US 12w maternity 12w paternity

  • Architect, design, and implement end-to-end security solutions including firewalls, intrusion detection, and cloud security controls.
  • Collaborate with DevOps to integrate security into CI/CD pipelines and automate secure deployments.
  • Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations.

Figure is transforming capital markets through blockchain, powering real products used by hundreds of thousands of consumers and institutions. With over 170 partners and $22 billion in home equity loans originated, Figure is the largest non-bank provider of home equity financing in the U.S., recognized as one of Forbes' Most Innovative Fintech Startups in 2025.

US

  • Secure AI systems and use AI to scale security, conducting security reviews and threat modeling of AI-integrated product features.
  • Deliver end-to-end application security reviews for high-risk features, working directly with engineering teams to surface and close risk.
  • Advance CI/CD pipeline security by operating and evolving security scanning controls in GitLab pipelines.

Smartsheet empowers teams to manage work and scale solutions by uniting human teams with AI agents. They are a large company with over 20 years of experience, fostering a culture where ideas are heard and contributions have real impact.

US 4w PTO

  • Lead application security reviews, threat modeling, and secure code review for new features and significant product changes.
  • Operate and improve SAST, DAST, and SCA tooling, triage findings, and partner with engineering teams to harden the codebase.
  • Plan and execute internal penetration tests against web applications, APIs, and mobile clients, and own the vulnerability management lifecycle.

ButterflyMX empowers people to automate property access, operations, and security from a single platform, serving over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by a shared commitment to excellence and innovation.

Global Unlimited PTO

  • Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
  • Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
  • Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.

MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.

US

  • Lead implementation and optimization of AppSec tools such as SAST, DAST, and SCA across client environments.
  • Conduct manual application and API security assessments, identifying vulnerabilities and recommending remediation strategies.
  • Advise clients on secure SDLC practices and integrate security tools into CI/CD pipelines.

The company is a cybersecurity consulting firm that helps organizations design and operationalize application security programs. It operates with a remote-first culture and a collaborative, client-facing team.

Global Unlimited PTO

  • Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
  • Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
  • Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.

Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.

UK Global

  • Lead and own the ongoing operation and maintenance of Samsara’s vulnerability management program.
  • Collaborate with engineering teams to track and support the remediation of identified vulnerabilities.
  • Champion Samsara’s cultural principles in daily work.

Samsara is the pioneer of the Connected Operations Cloud, enabling organizations to harness IoT data for actionable insights. As a recently public company with a global team, they foster a culture of rapid career development and encourage employees to architect their own careers.

US Unlimited PTO

  • Deliver Application Security services including threat modeling, architecture reviews, and program assessments.
  • Author comprehensive reports tailored to technical and managerial audiences with remediation strategies.
  • Contribute to practice development and mentor team members while embracing emerging technologies.

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. With over 1,200 employees, the company fosters a collaborative culture focused on mentorship and knowledge sharing.

Indonesia

  • You will lead Ajaib's offensive security program and take a hands-on role in testing the resilience of our technology.
  • You will design and execute penetration tests, red-team exercises, and security assessments across mobile apps, APIs, cloud, and corporate environments.
  • You will partner with engineering and security teams to validate remediation and provide clear guidance to reduce risk without slowing delivery.

Ajaib is an Indonesian investment platform helping people access and manage investments across stocks, crypto, and US stocks. As a growing fintech company, we are committed to protecting our customers, products, and technology to maintain trust.

US

  • Design, build, and operate an AI-augmented red teaming harness using frontier LLM APIs.
  • Conduct adversarial testing across four attack perspectives to discover and chain vulnerabilities.
  • Assume ownership of security stage-gates within our CI/CD pipeline.

We provide a cloud-native platform called Silo that enables digital analysts to securely and anonymously investigate threats. We serve over 750 organizations and value integrity, collaboration, and innovation.

Global Unlimited PTO

  • Lead a distributed engineering organization of nine teams, setting the vision and roadmap for proprietary scanners, AI-driven detection, and agentic remediation.
  • Drive architectural decisions for security detection engines and scalable scanning infrastructure while partnering with product management to prioritize customer needs.
  • Own delivery of security capabilities and represent the Security Factory in cross-functional planning, executive reviews, and customer conversations.

GitLab provides an intelligent orchestration platform for DevSecOps, enabling organizations to improve developer productivity and reduce security risks. With over 50 million users and trust from more than 50% of the Fortune 100, GitLab fosters a high-performance, AI-driven culture where all team members are expected to integrate AI into their workflows.

$100,000–$160,000/yr
North America

  • Build and lead a high-performing Infrastructure Security team focused on cloud security, SASE, WAF, and edge technologies.
  • Drive security improvements, maintain KPIs on cloud security posture and incident response, and ensure tactical team oversight.
  • Partner with cross-functional teams and assume the role of Incident Manager during cloud or edge security events.

Applied Systems is an insurtech company that delivers innovative software and services to transform the insurance industry. With over 40 years of experience, the company fosters a culture of learning, collaboration, and diversity to empower its employees and customers alike.

India

  • Lead security initiatives across infrastructure, applications, cloud, and enterprise deployments to ensure a strong security posture.
  • Conduct penetration testing, vulnerability assessments, and security reviews to proactively identify and mitigate risks.
  • Collaborate with engineering, DevOps, and machine learning teams to embed security best practices into products and processes.

The company develops innovative AI-driven products for highly regulated environments. They operate with a startup culture, emphasizing collaboration, autonomy, and continuous improvement.