Senior Application Security Engineer

<p><strong>Title: </strong>Senior Application Security Engineer</p> <p><strong>Location:</strong> San Jose, CA / Morristown, NJ (hybrid)</p> <p><strong>Reports To:</strong> Sr. Manager, Cybersecurity</p> <p><strong>About Hippo</strong></p> <p><span data-contrast="auto">Hippo was built on a&nbsp;promise:&nbsp;make homeownership effortless.&nbsp;Nearly a&nbsp;decade later, that&nbsp;mission&nbsp;still drives us.&nbsp;We&nbsp;use technology&nbsp;and&nbsp;data&nbsp;to help&nbsp;our customers stay ahead of&nbsp;problems&nbsp;and&nbsp;protect what matters&nbsp;most.&nbsp;</span><span data-ccp-props="{&quot;335559738&quot;:240,&quot;335559739&quot;:240}">&nbsp;</span></p> <p><span data-contrast="auto">Today, that same&nbsp;tech-native&nbsp;approach powers our work beyond homeowners.&nbsp;Hippo&nbsp;operates&nbsp;as a diversified&nbsp;carrier&nbsp;platform, partnering with MGAs to deliver tailored program solutions that help them grow and deliver better customer experiences.&nbsp;Behind that work is a team that values ownership, curiosity, collaboration, and continuous improvement.</span><span data-ccp-props="{&quot;335559738&quot;:240,&quot;335559739&quot;:240}">&nbsp;</span></p> <p><span data-contrast="auto">If&nbsp;you're&nbsp;energized by building&nbsp;what's&nbsp;next,&nbsp;we'd&nbsp;love to meet you.</span><span data-ccp-props="{&quot;335559738&quot;:240,&quot;335559739&quot;:240}">&nbsp;</span></p> <p><strong>About the Role</strong></p> <p data-start="695" data-end="1063">The Senior Application Security Engineer is a senior individual contributor responsible for driving application security outcomes across Hippo’s engineering organization. This role serves as a trusted subject matter expert in application security, providing deep technical guidance and influencing secure design decisions across multiple teams, products, and services.</p> <p data-start="1065" data-end="1505">This position is application-security–first, with intentional overlap into cloud and platform security where application code, identity, CI/CD pipelines, and infrastructure intersect. While the role does not own infrastructure, security programs, or formal departmental priorities, it is accountable for identifying application-centric risks and guiding high-impact security decisions through expertise, partnership, and advisory influence.</p> <p data-start="1507" data-end="1847">Operating with significant autonomy, the Senior Application Security Engineer independently owns complex and ambiguous security challenges end-to-end, ensuring outcomes align with business objectives and risk tolerance. This role emphasizes technical leadership, cross-functional collaboration, and mentorship rather than people management.</p> <p data-start="1507" data-end="1847"><strong>About You</strong></p> <p data-start="1868" data-end="2206">You are a seasoned application security professional with deep technical expertise and strong judgment, trusted to guide complex security decisions in high-impact environments. You think adversarially, understand modern application architectures, and can clearly articulate risk tradeoffs to engineering, product, and security leadership.</p> <p data-start="2208" data-end="2550">You are comfortable operating independently in ambiguous situations, influencing outcomes through credibility and collaboration rather than formal authority. You communicate clearly, mentor others naturally, and help elevate application security maturity across teams by embedding secure design principles into everyday engineering practices.</p> <p><strong>What You'll Do: </strong></p> <ul> <li data-start="2576" data-end="2777"> <p data-start="2578" data-end="2777">Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks.</p> </li> <li data-start="2778" data-end="2921"> <p data-start="2780" data-end="2921">Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services.</p> </li> <li data-start="2922" data-end="3086"> <p data-start="2924" data-end="3086">Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments.</p> </li> <li data-start="3087" data-end="3220"> <p data-start="3089" data-end="3220">Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact.</p> </li> <li data-start="3221" data-end="3366"> <p data-start="3223" data-end="3366">Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience.</p> </li> <li data-start="3367" data-end="3501"> <p data-start="3369" data-end="3501">Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance.</p> </li> <li data-start="3502" data-end="3660"> <p data-start="3504" data-end="3660">Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance.</p> </li> <li data-start="3661" data-end="3790"> <p data-start="3663" data-end="3790">Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection).</p> </li> <li data-start="3791" data-end="3931"> <p data-start="3793" data-end="3931">Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale.</p> </li> <li data-start="3932" data-end="4069"> <p data-start="3934" data-end="4069">Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction.</p> </li> </ul> <p><strong>Must Haves:</strong></p> <ul data-start="4091" data-end="4900"> <li data-start="4091" data-end="4168"> <p data-start="4093" data-end="4168">6+ years of experience in application security or product security roles.</p> </li> <li data-start="4091" data-end="4168">Strong understanding of Customer Identity Access Management (CIAM), authentication and identity protocols. (OAuth2, OIDC, SAML, JWT, MFA).</li> <li data-start="4169" data-end="4285"> <p data-start="4171" data-end="4285">Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.</p> </li> <li data-start="4286" data-end="4398"> <p data-start="4288" data-end="4398">Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms.</p> </li> <li data-start="4497" data-end="4596"> <p data-start="4499" data-end="4596">Proven ability to review system designs, data flows, and identify architectural security risks.</p> </li> <li data-start="4597" data-end="4720"> <p data-start="4599" data-end="4720">Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective.</p> </li> <li data-start="4721" data-end="4839"> <p data-start="4723" data-end="4839">Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection).</p> </li> <li data-start="4840" data-end="4900"> <p data-start="4842" data-end="4900">Proficiency in one or more modern programming languages.</p> </li> </ul> <p data-start="4902" data-end="4918"><strong data-start="4902" data-end="4918">Nice to Have:</strong></p> <ul data-start="4919" data-end="5327"> <li data-start="4919" data-end="5004"> <p data-start="4921" data-end="5004">Experience threat modeling or assessing AI-powered features and LLM integrations.</p> </li> <li data-start="5005" data-end="5092"> <p data-start="5007" data-end="5092">Application-focused penetration testing or adversarial security testing experience.</p> </li> <li data-start="5093" data-end="5212"> <p data-start="5095" data-end="5212">Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.</p> </li> <li data-start="5213" data-end="5264"> <p data-start="5215" data-end="5264">Experience operating in regulated environments.</p> </li> <li data-start="5265" data-end="5327"> <p data-start="5267" data-end="5327">Relevant security certifications (e.g., OSWE, GWAPT, CSSLP).</p> </li> </ul> <p><strong>Benefits and Perks:</strong></p> <p><span data-contrast="none">Hippo treats its team members with the same level of dedication and care as we do our customers, which is why we’re fortunate to provide all of our Hippos with:</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:240,&quot;335559739&quot;:240}">&nbsp;</span></p> <ul> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Healthy Hippos Benefits</span></strong><span data-contrast="none">&nbsp;- Multiple medical plans to choose from and 100% employer covered dental &amp; vision plans for our team members and their families. We also offer a 401(k)-retirement plan, short &amp; long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP)</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}">&nbsp;</span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Equity&nbsp;</span></strong><span data-contrast="none">-</span><strong><span data-contrast="none">&nbsp;</span></strong><span data-contrast="none">This position is eligible for equity compensation&nbsp;</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}">&nbsp;</span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Training and Career Growth</span></strong><span data-contrast="none">&nbsp;- Training and internal career growth opportunities</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}">&nbsp;</span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Flexible Time Off</span></strong><span data-contrast="none">&nbsp;- You know when and how you should recharge</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}">&nbsp;</span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Little Hippos Program</span></strong><span data-contrast="none">&nbsp;- We offer 12 weeks of parental leave for primary and secondary caregivers</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}">&nbsp;</span></li> <li data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><strong><span data-contrast="none">Hippo Habitat</span></strong><span data-contrast="none">&nbsp;- Snacks and drinks available and catered lunches for onsite employees</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335551550&quot;:0,&quot;335551620&quot;:0,&quot;335557856&quot;:16777215,&quot;335559738&quot;:0,&quot;335559739&quot;:0}"><br></span></li> </ul> <p><em>The Morristown, NJ and San Francisco Bay Area base pay range for this role is $151,000.00 - $226,250.00. Exact compensation may vary based on several job-related factors that are unique to each candidate, including but not limited to: skill set, experience, education/training, location, business needs and market demands.</em></p> <p><em>Hippo is an equal opportunity employer, and we are committed to building a team culture that celebrates diversity and inclusion.</em>&nbsp;<em>Hippo’s applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any Hippo applicant who requires reasonable accommodations during the application process should contact the Hippo’s People Team to make the need for an accommodation known.</em>&nbsp;</p><div class="content-conclusion"><p><a href="https://s3-us-west-2.amazonaws.com/hippo-document-prod/legal+/HIPPO-HRPrivacyNotice.pdf" target="_blank">Hippo CCPA</a></p></div>