Job Title: Senior Application Security Engineer
Location: Denver, CO (Hybrid)
About FusionAuth
FusionAuth is a fast-growing startup and leading provider of customer identity and access management (CIAM) software headquartered in Denver, Colorado. Our mission is to make authentication and authorization simple and secure for every developer. Our product helps businesses securely manage customer identities and access, ensuring a seamless and safe user experience for some of the largest brands in the world. We are committed to delivering exceptional value and satisfaction to our clients through top-notch service and support. With a great team and strong investors, we are expanding our team to help accelerate our growth and take FusionAuth to the next level.
Job Summary
We are seeking a Senior Application Security Engineer to join our engineering team. In this role, you will be responsible for ensuring that our applications and infrastructure meet stringent security standards. Additionally, you will be instrumental in fostering a security-centric culture throughout the engineering teams. To excel in this position, you should possess a creative and quantitative mindset, along with a deep understanding of secure coding practices. A strong passion for authentication, authorization, and user management is essential. Prior experience in security-focused roles or practices, such as penetration testing (PEN testing), bug bounties, or similar endeavors, will be highly valued. This position is based in the Broomfield, CO area.
Responsibilities
- Participate in threat modeling, code reviews, and security audits to strengthen our applications against vulnerabilities.
- Manage our bug bounty program by validating submissions and assessing awards.
- Research and integrate security tools into our development processes and pipelines.
- Design and implement new features with an emphasis on secure coding practices and risk mitigation.
- Write and maintain extensive, security-focused tests, including unit, integration, and vulnerability tests.
- Maintain our software with bug fixes, enhancements, and security patches.
- Produce clear, high-quality documentation for new features and security protocols.
- Contribute to platform roadmap planning and software architecture with an application security perspective, including prioritization of security-related bugfixes.
- Advocate for best practices in security within the Engineering organization, including developing training curricula on secure coding practices.
Qualifications Required
- 7+ years of professional software development experience with a significant focus on application security.
- Bachelor’s degree in Computer Science or equivalent practical experience with a strong understanding of secure software development principles.
- Expertise in Java web-application development and security.
- Proven experience in roles with security responsibilities, such as PEN testing, bug bounties, or similar security assessments.
- Highly proficient in object-oriented design and implementation with a secure development mindset.
- Strong understanding of the full web stack, including HTTP, TCP/IP, and REST, with an awareness of potential vulnerabilities in these areas.
- Experience building highly available, high-performance, scalable, and secure applications.
- Expertise in developing multi-threaded, API-first applications with secure data handling practices.
- In-depth knowledge of unit, integration, and vulnerability testing to ensure the robustness of our applications.
- Experience across the stack, from cloud infrastructure to front-end security practices.
All About You
We believe the following qualities will enhance your success in this role:
- You are analytical and data-driven, using metrics to understand and mitigate security risks.
- You have an interest in the authentication and authorization space, with a focus on security.
- You bring a strong yet flexible approach to security, ready to adapt as the landscape changes.
- You quickly learn new technologies and security practices.
- You’re excited about contributing to our open-source projects and building a secure ecosystem.
- You thrive in a startup environment and bring a proactive, security-focused mindset to your work.
Compensation
- $140 - 200k expected base salary range*
Top Skills
What We Do
FusionAuth builds software for developers needing to add authentication to their software products. It's a big problem - every application needs authentication, but building it yourself is a complex distraction. We distribute our free Community software through word-of-mouth reputation to software developers worldwide. We nurture and support the software development communities, taking their input to give "Devs" the features they need for secure and convenient Customer Identity and Access Management. And we've built a fast growing business by offering paid plans and hosting with higher end features and support.
It's Product Led Growth at its best. Start with the free version, then when your business depends on customers logging into your application, upgrade to our full featured plans. Over 3,000 companies already have..
Why Work With Us
FusionAuth is a founder-led company. We are profitable but recently raised an investment round to accelerate our growth (more on that here: https://fusionauth.io/blog/fusionauth-funding). We have a culture of software developers ("Devs") building great software for use by other Devs, the way they want to see it.
Gallery





FusionAuth Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Our Westminster, CO office is a hybrid, a place for in-person collaboration. Local employees are in 1-3 times/week. Remote employees every few months. Daily workplace location is at the employee's discretion - wherever they can be most productive.