Applications for this job have closed. This page will redirect to the Thumbtack employer page in 10 seconds.

Senior Application Security Engineer

Remote -
Full time
employer logo
I.T., digital & online media services
501-1,000 employees
Compare top employers

A home is the biggest investment most people make, and yet, it doesn’t come with a manual. That's why we’re building the only app homeowners need to effortlessly manage their homes — knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $600B+ industry — we must be doing something right.

We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We’re seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.

At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we’ll build together.

Thumbtack by the Numbers

  • Available nationwide in all 3,143 U.S. counties
  • 75 million projects started on Thumbtack
  • 4 million customers in the last 12 months
  • Pros earn billions on our platform
  • More than 9 million 5-star reviews for our stellar pros
  • 1000+ employees and $3.2 billion valuation (June, 2021)

About the Security Team

At Thumbtack, application security engineers support the building of products and systems that directly impact our customers and professionals to ensure that we are deploying as secure a product as possible. We believe in tackling these hard problems together as a team, with strong values around collaboration, ownership, and transparency. To read more about the hard problems that our engineering team is taking on, visit our engineering blog.


The security landscape continually evolves, requiring proactive measures and deep understanding of emerging threats. Integrating security into the DevOps process necessitates sustained collaboration with development teams. The ideal candidate is experienced in cloud security, Linux, scripting, modern programming, web development, and proficient in mitigating common web application security vulnerabilities.


  • Design, implement and maintain security-oriented software that makes it easier for non-security engineers to build secure products
  • Recent experience with Java, Python, or a similar coding language in a production environment
  • Collaborate with many teams and functions across Thumbtack to make technical, design, strategy, and product decisions relating to security
  • Act as an internal security subject matter expert, advocating for better security practices throughout the company
  • Perform security design reviews and threat modeling on-demand and as needed and participate in security incident response
  • Help evaluate the adoption of open source software and 3rd party integration from a security standpoint

What you’ll need

If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.

  • 5+ years experience leading complex, technical, cross-functional projects (Data Platform or Infrastructure a plus)
  • Experience and understanding of application and infrastructure security standards and best practices
  • Experience in security hardening in a public cloud environment (AWS, GCP)
  • Experience and proven ability in delivering secure products and services in a cloud environment
  • Ability to think strategically at the program level, dive in and be hands-on in day-to-day action
  • Experience in secure design and authoring security tools and libraries

Bonus points if you have

  • Experience with conducting a penetration test, deploying static and dynamic code analyzers, orchestrating threat modeling and rapid risk assessments
  • Hold an Offensive Security Certified Professional (OSCP) certification
  • Familiarity with security frameworks such as OWASP (including Mobile) NIST CSF, NIST SP 800-x, COBIT, ISO-27001, PCI DSS
  • Working experience with NIST Common Vulnerability Scoring System (CVSS) and Threat Modeling Framework such as STRIDE or PASTA

Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines.* Learn more about our virtual-first working model here.


Benefits & Perks
  • Virtual-first working model coupled with in-person events
  • 20+ company-wide holidays including two week-long shutdowns
  • Libraries (collaborative workspaces) in San Francisco, Salt Lake City, Toronto, and Manila
  • Stipends for remote work support, home office set-up and Thumbtack services (North America)
  • WiFi reimbursements
  • Cell phone reimbursements (North America)
  • Employee Assistance Program for mental health and well-being

Learn More About Us

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.

Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact:

If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack’s Privacy policy available at .