Application Security Lead
Remote
Full Time
#Application Security
#Engineering
#AI
#OWASP Top 10
#Code Review
#Python
#Burp Suite
#SSDLC
#SAST
#DAST
#Vulnerability Management
#ISO 27001
At Prolific, we are building the human data infrastructure that is essential for the next generation of AI development. We are looking for an Application Security Lead to join our team remotely and take full ownership of our security strategy as we continue to scale.
Responsibilities
- Define and execute our Secure Software Development Lifecycle (SSDLC) to ensure security is embedded into every stage of engineering.
- Act as the primary security voice within the organization, balancing risk management with development velocity.
- Perform hands-on tasks including code reviews, threat modeling, and security testing.
- Manage and mentor our Senior Application Security Engineer.
- Oversee our vulnerability management program and maintain our compliance standards, such as ISO 27001.
- Partner with cross-functional teams, including product engineering, platform, data, and legal, to protect our platform and user data.
Must-haves
- Several years of professional experience in software engineering, with a track record of shipping production systems at scale.
- Extensive background in application security, specifically in testing, code review, and threat modeling.
- Expert-level knowledge of the OWASP Top 10 for web and APIs, including modern attack vectors like injection, SSRF, and supply chain risks.
- Proficiency in Python for security automation and tooling.
- Hands-on experience with manual security testing using tools like Burp Suite.
- Experience scaling SSDLC practices, including the integration of SAST, DAST, and secrets management into CI/CD pipelines.
- Strong communication skills with the ability to influence technical and non-technical stakeholders alike.
- Experience translating security controls, such as ISO 27001 or SOC 2, into practical engineering workflows.
Nice-to-haves
- Prior experience managing or mentoring security engineers.
- Technical familiarity with Django, Vue.js, MongoDB, or GCP.
- Experience running bug bounty programs or security champion initiatives.
- Knowledge of infrastructure or supply chain security, including Kubernetes and Terraform.
- Relevant certifications such as OSCP, GWAPT, BSCP, or CISSP.
Benefits
- Fully remote work environment.
- The opportunity to shape the security culture of a mission-driven company at the forefront of AI innovation.
- Access to a unique platform that is actively reshaping how high-quality, ethically sourced human data is used to align AI systems.
Prolific