Loading...

Application Security Engineer

Opal at a glance

SEC filings mentioning "Opal": 2,718 · SIC industry: Gas & Other Services Combinedsearch EDGAR

Opal

About Opal Security:

At Opal, we’re building modern identity governance for the AI era—intelligent access management that empowers enterprises to move fast while staying secure. Our mission is to bring clarity, control, and confidence to complex enterprise environments, helping teams govern access without slowing down innovation.

The Role:

Most security engineers spend their careers bolting locks onto doors that were already built. This is not that job.

We’re hiring an Application Security Engineer to own security across Opal’s product and platform — and yes, own means what it sounds like. You’d be our dedicated security engineer, embedded directly with engineering, writing production code in Go and TypeScript, and building security into the product while it’s still being designed. You’ll work closely with a team of engineers that genuinely care about getting this right, and a product that happens to be one of the most security-critical tools in enterprise software.

Oh, and one more thing: Opal is a security company. We sell access control to organizations that take security seriously. That means your work isn’t a cost center — it’s core to what we do.

This role lives on the Platform team and partners closely with Infrastructure Engineering on cloud security. It is explicitly scoped to application and product security — enterprise IT, compliance, and vendor risk management are handled separately.

What You’ll Do:

Secure Development Lifecycle –

  • Own the secure SDLC end-to-end: threat modeling, design reviews, code reviews — you set the bar

  • Run and coordinate app pentests (internal and external) and drive findings to closure

  • Build and own SAST/DAST/SCA tooling wired into CI/CD so security ships with the code

  • Triage and remediate vulnerabilities from every angle — bug bounty, internal scans, the works

Software Security Engineering –

  • Build and maintain the security-critical stuff: encryption services, authz enforcement, authn flows

  • Own the Auth0 ↔ Opal integration — tokens, sessions, MFA, SSO (SAML, OIDC, OAuth 2.0)

  • Ship production Go and TypeScript to harden APIs, enforce least-privilege, and close vuln classes for good

  • Create shared libraries that make the secure path the easy path for every product engineer

Incident Response & Cloud Security –

  • Be first on the scene for security incidents: investigate, contain, find the root cause, fix it

  • Partner with Infra on cloud hardening — AWS IAM, EKS, KMS, network segmentation

  • Level up detection and response by writing detection rules and improving logging and alerting

Security Culture –

  • Mentor engineers on secure coding, common vuln patterns, and security architecture — you make the org smarter

  • Help set the security roadmap by grounding it in real product risk

  • Be the security teammate engineers want to work with — a collaborator, not a bottleneck

You Might Be a Fit If You:

  • Have 4+ years in application security or software security engineering

  • Actually write production code — findings reports are the floor, not the ceiling

  • Know auth cold: OAuth 2.0, OIDC, SAML, session management, token lifecycle

  • Are comfortable in AWS and containerized environments (Kubernetes, Docker)

  • Bonus points for familiarity with our stack: Go, TypeScript, React, PostgreSQL, Redis, GraphQL

  • Have led complex, cross-functional security initiatives from kickoff to completion

  • Have run or participated in external pentests and seen findings through remediation

  • Thrive on ownership and ambiguity — you’d rather write the playbook than wait for one

To apply for this job please visit jobs.ashbyhq.com.

Working in San Francisco, California

Weather right now in San Francisco, California: checking… · Local time: · Air quality: · Daylight: · UV index:

San Francisco, officially the City and County of San Francisco, is the fourth-most populous city in California and the 17th-most populous in the United States, with a population of 826,079 in 2025. Among U.S. cities with a population of 200,000 or more, San Francisco is ranked first by per capita income, second by population density, and sixth by aggregate income as of 2024. Some 4.6 million residents live in the city's metropolitan statistical area, which is the 13th-largest in the United States. Around 9.2 million live in the San Jose–San Francisco–Oakland combined statistical area, the fift

California is a U.S. state in the Western United States that lies on the Pacific Coast. It borders Oregon to the north, and Nevada and Arizona to the east; it also shares an international border with the Mexican state of Baja California to the south. With over 39 million residents across an area of 163,696 square miles (423,970 km2), it is the largest U.S. state by population and third-largest by

🇺🇸 Relocation safety for US: Exercise Normal Cautionvia Warnely, CC BY 4.0

National unemployment rate in US: 4.2%via World Bank

Recent seismic activity: 2 earthquakes (M4.5+) within 200km in the last 6 months — largest M5.6 near 11 km N of Redwood Valley, CA. via USGS

  • Elevation 38m (125 ft)

Source: Wikipedia (state)

Market context

  • Similar listings in San Francisco 1

Job details above are provided by the employer/source. The sections on this page are compiled from public data sources with AI assistance.

Accommodations: if you need a workplace accommodation to apply for or perform this job, see ADA.gov or EEOC.gov for guidance on your rights and how to request one.

Add application deadline to calendar

Keep exploring on Get A Job.ai

Not quite the right fit? Your next opportunity is a click away.

Hiring instead? Post a job and reach candidates searching right now.