Senior Application Security Engineer

Job Title: Senior Application Security Engineer
Location: Denver, CO (Hybrid)

About FusionAuth
FusionAuth is a fast-growing startup and leading provider of customer identity and access management (CIAM) software headquartered in Denver, Colorado. Our mission is to make authentication and authorization simple and secure for every developer.  Our product helps businesses securely manage customer identities and access, ensuring a seamless and safe user experience for some of the largest brands in the world. We are committed to delivering exceptional value and satisfaction to our clients through top-notch service and support.  With a great team and strong investors, we are expanding our team to help accelerate our growth and take FusionAuth to the next level.

Job Summary
We are recruiting a Senior Security Engineer with a strong focus on application security to join our engineering team. In this role, you will play a critical part in not only building new features and extending existing ones but also ensuring that our applications meet stringent security standards. You’ll engage with customers to gather feedback for continuous product improvement and contribute to our growing developer community. To succeed, you should be a creative and quantitative thinker, highly knowledgeable in secure coding practices, and passionate about authentication, authorization, and user management. Experience in security-focused roles or practices—such as penetration testing (PEN testing), bug bounties, or similar—will be highly valued. This position is based in the Denver metro area and reports to the Engineering Manager.
Responsibilities

• Develop high-quality, performant, and secure code to safeguard our applications and user data.
• Write and maintain extensive, security-focused tests, including unit, integration, and vulnerability tests.
• Design and implement new features with an emphasis on secure coding practices and risk mitigation.
• Maintain our software with bug fixes, enhancements, and security patches.
• Produce clear, high-quality documentation for new features and security protocols.
• Contribute to platform roadmap planning and software architecture with an application security perspective.
• Rotate as the on-call engineer to resolve critical issues, ensuring both functionality and security for customer issues.
• Provide technical support to customers, including security-related troubleshooting.
• Advocate for best practices in security within the Engineering organization.
• Participate in threat modeling, code reviews, and security audits to strengthen our applications against vulnerabilities.

Qualifications

• 10+ years of professional software development experience with a significant focus on application security.
• Bachelor’s degree in Computer Science or equivalent practical experience with a strong understanding of secure software development principles.
• Proven experience in roles with security responsibilities, such as PEN testing, bug bounties, or similar security assessments.
• Highly proficient in object-oriented design and implementation with a secure development mindset.
• Strong understanding of the full web stack, including HTTP, TCP/IP, and REST, with an awareness of potential vulnerabilities in these areas.
• Experience building highly available, high-performance, scalable, and secure applications.
• Expertise in developing multi-threaded, API-first applications with secure data handling practices.
• In-depth knowledge of unit, integration, and vulnerability testing to ensure the robustness of our applications.
• Strong knowledge of databases, data modeling, and performance tuning, including secure data management.
• Experience across the stack, from cloud infrastructure to front-end security practices.

All About You
We believe the following qualities will enhance your success in this role:

• You are analytical and data-driven, using metrics to understand and mitigate security risks.
• You have an interest in the authentication and authorization space, with a focus on security.
• You bring a strong yet flexible approach to security, ready to adapt as the landscape changes.
• You quickly learn new technologies and security practices.
• You’re excited about contributing to our open-source projects and building a secure ecosystem.
• You thrive in a startup environment and bring a proactive, security-focused mindset to your work.

Compensation

• $140k to $200k expected base salary range*