Staff Security Engineer, Application Security

Reno, NV; San Ramon, CA

Ridgeline

Ridgeline is the cloud platform for investment management. It provides real-time data throughout the platform and front-to-back functions like CRM, trading, portfolio management, reporting, and more.


Ridgeline is on the hunt for an experienced Application Security Engineer to join our growing Security Engineering team and help us scale secure development practices across the company. As a Staff Security Engineer at Ridgeline, you will play a key role in identifying and solving complex application security problems through development-heavy solutions that enhance the security of our software platform.

This is a builder’s role — perfect for someone who can write production-quality code, solve security problems with software, and influence others through hands-on technical leadership. You’ll work closely with engineers to embed security into our development lifecycle and help drive adoption of secure-by-default approaches within key product areas.

Ridgeline places a strategic emphasis on the responsible and innovative use of AI, integrating it deeply into our platform, internal tools, and engineering processes. We are especially excited to work with candidates who are curious and motivated to explore how AI can be thoughtfully applied to solve application security problems — whether that’s through LLM-assisted analysis, anomaly detection, or next-gen automation. Prior experience is great, but passion and creativity in this space matter even more.

What will you do?

  • Drive security improvements by developing and deploying security controls into CI/CD pipelines and secure development workflows within Ridgeline’s products.
  • Partner with product and platform engineers to improve the security posture of applications through secure design guidance, threat modeling, and code-level improvements.
  • Design, develop, and maintain automation and tooling for application security (e.g., static analysis pipelines, dependency scanners, or custom security linters).
  • Perform security reviews of architecture, design, and code to identify and fix vulnerabilities early in the development lifecycle.
  • Research new and emerging threats and translate those into actionable security improvements.
  • Collaborate across teams to improve adoption of security tools and practices, ensuring they integrate seamlessly into developer workflows.
  • Advocate for and contribute to secure coding education across engineering teams.
  • Demonstrate ownership of application security projects, delivering solutions from planning through rollout and maintenance.
  • Foster a collaborative environment rooted in learning, teaching, and trust.

Desired Skills and Experience:

  • 8+ years of experience in software development or application security roles.
  • Bachelor’s degree in Computer Science or a related discipline, or equivalent practical experience.
  • Strong proficiency in one or more modern programming languages (e.g., Python, Java/Kotlin, JavaScript/TypeScript, Go). Python experience is a plus.
  • Hands-on experience implementing and operating security controls within CI/CD pipelines (e.g., GitHub Actions, container image build tools, or similar).
  • Demonstrated success building custom security tooling or integrating open-source tools for static/dynamic/code analysis at scale.
  • In-depth understanding of common application vulnerabilities (OWASP Top 10, CWE) and practical mitigation strategies.
  • Ability to read and understand modern application architectures and assess them from a security perspective.
  • Clear, thoughtful communicator who can explain technical security concepts to a broad audience.
  • Strong sense of ownership, and a passion for continuously improving systems and processes.
  • Practical development experience — e.g., you’ve built internal tools, production services, or contributed meaningful features to software systems.
  • Security Architect with AI Fluency: Can evaluate risks tied to LLMs, embeddings, APIs, and fine-tuned models; balances security and usability tradeoffs.

Nice to haves:

  • Strong interest or experience in applying AI to application security problems — including but not limited to LLM-powered static analysis, code classification, threat modeling assistance, or anomaly detection.
  • Familiarity with AWS, particularly around IAM, container services, Lambda, and related infrastructure.
  • Experience with secure design or threat modeling at the application or system level.
  • Participation in bug bounty programs, security research, open-source contributions, or other forms of community engagement.
  • Experience mentoring engineers or helping teams adopt secure development practices at scale.

About Ridgeline

Ridgeline is the industry cloud platform for investment management. It was founded by visionary tech entrepreneur Dave Duffield (co-founder of both PeopleSoft and Workday) to apply his successful formula of solving operational business challenges with bold innovation and human connectivity to the unique needs of the investment management industry. 

Ridgeline started with a clean sheet of paper and a deep bench of experts bound by a set of core values and motivated to revolutionize an industry underserved by its current tech offerings. We are building a new, modern platform in the public cloud, purpose-built for the investment management industry, and we are prioritizing security, agility, and usability to empower business like never before.

With a growing campus in Reno and offices in New York, Lake Tahoe, and the Bay Area, Ridgeline is proud to have built a fast-growing, people-first company that has been recognized by Fast Company as a “Best Workplace for Innovators,” by The Software Report as a “Top 100 Software Company,” and by Forbes as one of “America’s Best Startup Employers.”

Ridgeline is proud to be a community-minded, discrimination-free equal opportunity workplace.

Ridgeline processes the information you submit in connection with your application in accordance with the Ridgeline Applicant Privacy Statement. Please review the Ridgeline Applicant Privacy Statement in full to understand our privacy practices and contact us with any questions.

Compensation and Benefits 

The cash compensation amount for this role is targeted at $175,000-$205,000. Final compensation amounts are determined by multiple factors, including candidate experience and expertise, and may vary from the amount listed above. 

As an employee at Ridgeline, you’ll have many opportunities for advancement in your career and can make a true impact on the product. 

In addition to the base salary, 100% of Ridgeline employees can participate in our Company Stock Plan subject to the applicable Stock Option Agreement. We also offer rich benefits that reflect the kind of organization we want to be: one in which our employees feel valued and are inspired to bring their best selves to work. These include unlimited vacation, educational and wellness reimbursements, and $0 cost employee insurance plans. Please check out our Careers page for a more comprehensive overview of our perks and benefits.

 

#LI-Hybrid


Tags: APIs Architecture AWS CI/CD Classification Computer Science Engineering GitHub Java JavaScript Lambda LLMs Open Source Pipelines Privacy Python Research Security Teaching TypeScript

Perks/benefits: Career development Equity / stock options Startup environment Unlimited paid time off

Region: North America
Country: United States
