Vannevar Labs
Application Security Engineer
Job Summary
The role is for a Founding Application Security Engineer responsible for building and maintaining the security infrastructure of a SaaS platform supporting sensitive missions. The candidate will collaborate with development, DevOps, and audit teams to integrate threat modeling, automated security testing, and vulnerability response into the software development lifecycle. The position requires hands-on experience in securing web applications, automating application security workflows, and incident response, with familiarity in cloud and container environments. Benefits include comprehensive health coverage, flexible work arrangements, and opportunity for equity and growth within a mission-driven company.
Required Skills
Benefits
Job Description
Our mission is to be the technology backbone for strategic competition against peer adversaries. These missions – including intelligence, information operations, special activities, and perception management – are happening today and their success or failure will determine if we go to war tomorrow.
We've been on the front lines of these missions since 2019, and have grown to support a wide range of missions across all US service branches, multiple combatant commands, partner nations, and interagency stakeholders. We deploy both hardware and software products to support people on the front lines that span collection, planning / assessments, and effects.
We've grown from $3M in run-rate revenue in 2021 to $80M in run-rate revenue today. We've been profitable since 2022 and have raised $91M in venture capital funding through Series B. We're valued at $1.5B as of 2025.
About the role
- Map our product attack surface, rank risks, and publish a 12-month security roadmap.
- Embed with development teams to run threat models, review critical PRs, and coach secure-by-default habits.
- Help implement and deploy SAST, SCA, secrets-scan, DAST, and container/IaC checks in CI/CD; drive MTTR on P1 vulns to < 7 days.
- Coordinate with DevOps for application security issues that cross between application and infrastructure layers
- Support incident-response for product issues and feed lessons back into code, docs, and process.
- Write customer-facing Product Security white-papers and supply compliance evidence.
Qualifications
- 5 + years in Application / Product Security
- Ability to read & write production-quality code
- Hands-on experience securing web applications and automating AppSec workflows.
- Familiarity with incident response fundamentals—log triage, forensics, retros—and a passion for eliminating root causes.
- Clear, concise communicator who can translate risk for engineers, leadership, and customers.
- Ideally experienced with AWS, Python, containers, TypeScript, Node.js, Django, PostgreSQL, and Rancher.
- Experience securing LLM workflows is a big plus
Benefits:
- Health, dental, and vision insurance
- 100% remote - work from anywhere in the US
- 401k matching
- Mental benefits
- Flexible work environment - you manage your workday
- Pet and child care reimbursement during travel
- Unlimited PTO
The salary range for this position is $160,000-$210,000 + equity + 401K match. Within the range, individual pay is determined by experience, relevant education, and/or training.
We are committed to protecting the privacy of all applicants. Official emails from the company will come from an @vannevarlabs.com domain. Under no circumstances will a legitimate representative from our company contact you to request passwords, financial information, or other sensitive personal data. Please be vigilant of potential scams.
Vannevar Labs
Vannevar Labs brings together a multi-disciplinary group of people with a wide range of experiences, over 40 years of military service, engineers from some of the top tech companies and startups, and a passion for delivering mission critical tools to support public servants on the front lines of the country's most important national security problems
See more jobsSafe Remote Job Search Tips
Verify Employer Thoroughly
Research the company's identity thoroughly before applying. Check for a professional website with contacts, active social media, and LinkedIn profiles. Verify details across platforms and look for reviews on Glassdoor or Trustpilot to confirm legitimacy.
Never Pay to Get a Job
Legitimate employers never require payment for applications, training, background checks, or equipment. Always reject upfront payment requests or demands for bank details, even if they claim it's for purchasing necessary work gear on your behalf.
Safeguard Your Personal Information
Protect sensitive data like SSN, bank details, or ID copies. Share this only after accepting a formal, written job offer. Ensure it's submitted via a secure company system or portal, never through insecure channels like standard email attachments.
Scrutinize Communication & Interviews
Watch for communication red flags: poor grammar, generic emails (@gmail), vague details, or undue pressure. Be highly suspicious of interviews held only via text or chat apps; legitimate companies typically use video or phone calls.
Beware of Unrealistic Offers
If an offer's salary or benefits seem unrealistically high for the work involved, be cautious. Research standard pay for similar roles. Offers that appear 'too good to be true' are often scams designed to lure you into providing information or payment.
Insist on a Formal Contract
Always secure and review a formal, written job offer or employment contract before starting work or sharing final personal details. Ensure it clearly defines your role, compensation, key terms, and conditions to avoid misunderstandings or scams.