
Senior Application Security Engineer


Hover is making the homeowner journey easy, transparent and fun. Starting with the home improvement industry, we’re answering age-old questions like, “What is it going to look like?” and “What is it going to cost?”, by helping homeowners and pros visualize what’s possible with Artificial Intelligence (AI) and interactive 3D property models. Homeowners, contractors, and insurance professionals all use Hover to get fully measured, accurate, and interactive models of any property—in a matter of minutes, and with just a few snaps of a smartphone camera.

Join a team that is rooted in challenging the status quo, persistent, and dedicated to serving our employees, customers, and communities. With key investors, including Google Ventures and Menlo Ventures and leading insurance carriers such as Travelers, State Farm, and Nationwide, Hover is committed to changing the world, one home at a time. At Hover, we believe there is strength in diversity and are fostering an inclusive and diverse culture by hiring qualified, talented people from a wide variety of backgrounds.

Please submit your resume in PDF format.

Why Hover wants you:

As our Senior Application Security Engineer, you will design and implement security solutions for both enterprise and consumer-facing systems. You will be the go-to person for security decisions—taking ownership of core functions such as authentication (login, OAuth), identity management (SCIM, RBAC), network/firewall hardening, and more. You’ll collaborate closely with engineering teams to advise on best practices, integrate security automations, and ensure the overall robustness of our infrastructure. Your work will be crucial in maintaining and hardening compliance (e.g., SOC 2) and protecting sensitive data across our organization.

The Team:

The Infrastructure and Security team at Hover ensures the scalability, reliability, and security of our platform, empowering engineers to build and deploy applications faster, safer, and with greater stability. This collaborative team is composed of engineers with expertise in cloud infrastructure, security, automation, and CI/CD best practices. We handle everything from Kubernetes environments and cloud architecture to securing user authentication and automating vulnerability detection.

Our mission is to make the best path the easiest path by providing robust automation, consistent patterns, and secure-by-design principles. We partner with engineering teams to tackle challenges like managing rich geospatial and machine learning workloads, hardening cloud infrastructure, and implementing security features across our stack (Ruby, TypeScript, Docker, GCP, Terraform, and more).

Team members are supported with professional growth opportunities, a strong focus on learning, and a culture that values collaboration, innovation, and the continuous improvement of our systems and security posture. Join us to work on cutting-edge challenges that are critical to the foundation of Hover’s success.

You will contribute by:

  • Secure Features Development: Enhance critical security features (e.g., authentication, OAuth, SCIM, RBAC). Implement secure coding patterns across Ruby, TypeScript, Docker, GCP, Terraform, GKE, Python, and C++.
  • Architecture & Code Review: Conduct secure code and architecture reviews, enforce secure-by-design principles, and lead threat modeling.
  • Automation & Tooling: Manage security tools (e.g., SAST, DAST) in CI/CD pipelines and leverage capabilities like GitHub Advanced Security.
  • Cloud & Infrastructure Security: Harden GCP infrastructure, IAM profiles, Docker, GKE, and secure network setups.
  • Compliance: Develop security controls for frameworks like SOC 2, document risks, and support audits.
  • Collaboration & Education: Advise teams on security best practices, respond to incidents, and lead security training.
  • Incident Response: Refine response procedures, track evolving threats, and improve security controls.

Your background includes:

  • Education & Experience
    • 5+ years of hands-on software engineering experience (or software oriented operations or IT experience).
    • 3+ years of hands-on security-focused engineering experience (or secure networking, firewall, IT compliance, and/or user management).
  • Technical Skills
    • Proficient in at least one programming language (Ruby, TypeScript, Python, C++, etc.) and willingness to ramp up in others.
    • Experience with Docker and container orchestration platforms (preferably GKE).
    • Familiarity with cloud platforms (GCP preferred) and Infrastructure as Code tools (Terraform).
    • Strong background in web security (authentication flows, OAuth, session management) and experience with identity management (e.g., RBAC, SCIM).
  • Security Knowledge & Tooling
    • Solid understanding of secure coding practices, cryptography, vulnerability management, and penetration testing methodologies.
    • Experience implementing or integrating SAST, DAST, or other security scanning solutions into CI/CD pipelines.
    • Knowledge of compliance standards such as SOC 2, ISO 27001, etc.
  • Soft Skills
    • Meticulous attention to detail; able to be the final checkpoint on security decisions.
    • Excellent communication and collaboration skills for cross-team interactions.
    • Ability to mentor and train engineers on secure development processes.
    • A proactive approach to continuous learning and staying current with emerging security trends.

Benefits:

  • Compensation - Competitive salary and meaningful equity in a fast-growing company
  • Healthcare - Comprehensive medical, dental, and vision coverage for you and dependents
  • Paid Time Off - Unlimited and flexible vacation policy
  • Paid Family Leave - We support work/life balance and offer generous paid parental and new child bonding leave
  • Mandatory Self-Care Days - A day set aside each month to allow employees to recharge
  • Remote Wellbeing Resources - We provide recurring fitness classes, meditation/mindfulness tools, virtual therapy, and family planning assistance
  • Learning - We encourage continued education and will help cover the cost of management training, conferences, workshops, or certifications

Hover has Hubs in San Francisco and New York City, where we expect that all employees living within a 50-mile radius of our offices will come into their local Hover office at least three times a week to build rapport and foster organic connection. At this time, Hover is not considering fully remote roles.

The US base salary range for this full-time position is $190,000 - $217,000 annually. Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target for new hire salaries for the position across all applicable US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Your recruiter can share more about the specific salary range for your preferred location during the hiring process.
