Sr. Application Security Engineer

Femtech Insider Ltd.

United States

Remote

USD 145,000 - 165,000

Full time

Today

Job summary

A leading US-based tech company is seeking a Senior Application Security Engineer II to join its security team. This remote role focuses on ensuring the security of applications throughout the development lifecycle, with an emphasis on modern security practices. The ideal candidate has 5-8 years of experience in application security, along with a strong understanding of secure coding practices and various security tools.

Benefits

Competitive salary & equity compensation
Unlimited PTO and company holidays
Comprehensive health benefits
Employee Stock Purchase Program (ESPP)
401k benefits with employer matching
Offsite team retreats

Qualifications

  • 5-8 years of experience in application security or a related security field.
  • Hands-on coding experience and ability to review code in multiple languages.
  • Strong understanding of OWASP Top 10 and secure coding practices.
  • Excellent communication skills to articulate security findings to technical and non-technical stakeholders.

Responsibilities

  • Ensure the security of applications throughout the development lifecycle.
  • Implement secure coding practices and maintain application security posture.
  • Collaborate with the Staff AppSec Engineer on advanced AI security initiatives.

Skills

Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications
Perform code reviews and provide secure coding guidance to development teams
Implement and maintain GitHub Advanced Security
Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform
Evaluate container security in our Docker and Kubernetes environments
Support CI/CD security integration and automation
Conduct penetration testing and red team/purple team exercises on applications
Review and secure API implementations with focus on GraphQL security
Evaluate AI/ML model security
Maintain security documentation and contribute to security awareness training

Education

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field

Tools

SAST tools (e.g., SonarQube, Checkmarx, Fortify)
DAST tools (e.g., Burp Suite, OWASP ZAP)
SCA tools (e.g., Snyk, Black Duck, WhiteSource)
GitHub Advanced Security features
Container security scanning and IaC security scanning tools

Job description

Location

US Remote

Employment Type

Full time

Location Type

Remote

Department

ENGINEERING

Compensation
  • $145K – $165K • Offers Equity

Outlined above is a reasonable estimate of Hims & Hers’s compensation range for this role for US-based candidates. If you're based outside of the US, your recruiter will be able to provide you with an estimated salary range for your location.

The actual amount will take into account a range of factors that are considered in making compensation decisions, including but not limited to skill sets, experience and training, licensure and certifications, and location. Hims & Hers also offers a comprehensive Total Rewards package that may include an equity grant. Consult with your Recruiter during any potential screening to determine a more targeted range based on location and job-related factors.

About the Role

We are seeking a Senior Application Security Engineer II to join our security team. This role will focus on ensuring the security of our applications throughout the development lifecycle, with an emphasis on modern security practices including AI/ML security considerations. You will work closely with development teams to implement secure coding practices and maintain our application security posture.

You Will
  • Conduct security assessments using SAST, DAST, and SCA tools to identify vulnerabilities in applications

  • Perform code reviews and provide secure coding guidance to development teams

  • Implement and maintain GitHub Advanced Security, including secret scanning and code scanning

  • Assess and improve security of Infrastructure as Code (IaC) deployments using Terraform

  • Evaluate container security in our Docker and Kubernetes environments

  • Support CI/CD security integration and automation

  • Conduct penetration testing and red team/purple team exercises on applications

  • Review and secure API implementations, with focus on GraphQL security

  • Evaluate AI/ML model security and implement protections against prompt injection and other AI-specific threats

  • Collaborate with the Staff AppSec Engineer on CIAM and advanced AI security initiatives

  • Maintain security documentation and contribute to security awareness training

You Have
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field

  • 5-8 years of experience in application security or a related security field

  • Hands-on coding experience and ability to review code in multiple languages

  • Professional experience with SAST tools (e.g., SonarQube, Checkmarx, Fortify)

  • Professional experience with DAST tools (e.g., Burp Suite, OWASP ZAP)

  • Professional experience with SCA tools (e.g., Snyk, Black Duck, WhiteSource)

  • Experience with GitHub Advanced Security features

  • Container security scanning and IaC security scanning tools experience

  • Strong understanding of OWASP Top 10 and secure coding practices

  • Experience with penetration testing methodologies

  • Knowledge of security frameworks: NIST CSF, NIST 800-53, SOC 2, PCI DSS

  • Excellent communication skills to articulate security findings to technical and non-technical stakeholders

Benefits
  • Competitive salary & equity compensation for full-time roles

  • Unlimited PTO, company holidays, and quarterly mental health days

  • Comprehensive health benefits including medical, dental & vision, and parental leave

  • Employee Stock Purchase Program (ESPP)

  • 401k benefits with employer matching contribution

  • Offsite team retreats

We are committed to building a workforce that reflects diverse perspectives and prioritizes ethics, wellness, and a strong sense of belonging. If you're excited about this role, we encourage you to apply—even if you're not sure if your background or experience is a perfect match.

Hims & Hers is committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, please contact us at accommodations@forhims.com and describe the needed accommodation. Your privacy is important to us, and any information you share will only be used for the legitimate purpose of considering your request for accommodation. Hims & Hers gives consideration to all qualified applicants without regard to any protected status, including disability. Please do not send resumes to this email address.

To learn more about how we collect, use, retain, and disclose Personal Information, please visit our Global Candidate Privacy Statement.
