Application Security Engineer - Threat Modeling & Risk / Privacy AlignmentUtah | Hybrid

Application Security Engineer

This is a Utah-based hybrid position which will require some regular in-office days each week. Additionally, employment with BambooHR is contingent on passing both a background and credit check.

Essential Job Duties

We are expanding our security team and seeking a highly experienced and strategic Application Security Engineer with a deep understanding of threat modeling, risk assessment, and cross-functional collaboration. In this critical role, you will be responsible for proactively identifying and mitigating security risks by conducting thorough threat modeling, aligning security efforts with business objectives, and ensuring our platform meets the highest standards of security and privacy, particularly for a multi-tenant SaaS environment.

You will :

• Threat Modeling Leadership : Lead and facilitate formal threat modeling exercises (e.g., STRIDE, LINDDUN, Attack Trees) for new and existing features, APIs, data flows, and architectural designs, translating technical risks into actionable insights.
• Risk & Privacy Alignment : Act as a key liaison between engineering, product, legal, and privacy teams, effectively translating technical security risks into business terms and collaborating to find balanced solutions that meet both security and product goals.
• Authentication & Authorization Expertise : Provide deep expertise and guidance on secure authentication mechanisms, session management, and complex access control models relevant to a multi-tenant SaaS platform.
• Product Security Collaboration : Partner closely with product managers and engineering teams to embed security requirements early in the product development lifecycle, balancing user experience (UX) with robust security.
• SaaS-Specific Security : Address security challenges unique to a SaaS environment, including multi-tenancy isolation, secure API design principles, prevention of horizontal privilege escalation, and secure data handling.
• API Security Testing : Conduct hands-on security testing of APIs using various tools (e.g., Burp Suite, Postman, custom scripts) to identify vulnerabilities and ensure secure communication and data exchange.
• Security Requirements : Define and document detailed security requirements and controls for new features and system enhancements.
• Security Consultation : Provide expert security consultation and guidance to development teams on secure coding practices, architectural patterns, and vulnerability remediation.
• Continuous Improvement : Stay current with the latest security threats, industry best practices, and emerging technologies, advocating for their adoption to enhance our platform's security posture.

What You Need to Get the Job Done

What Will Make Us REALLY Love You

What You'll Love About Us

About Us

At BambooHR, we're building something different : we're building a people intelligence platform that transforms HR and sets people free to do great work! We're a proven market leader driving innovation while building lasting success through thoughtful, sustainable growth. Here, you'll find a place that champions growth : both professional and personal, both individual and collective.

We invest in potential, giving you the space to stretch your capabilities and turn good ideas into reality while providing the safety net of a supportive, values-driven culture. Our approach combines meaningful work with meaningful lives, offering competitive benefits, professional development, and the flexibility to thrive both in and outside the office.

What sets us apart isn't just what we do, but how we do it : with openness, integrity, and a shared commitment to doing the right thing. Join us in creating HR software that makes work better for everyone, while we make work better for you.

BambooHR is committed to the full inclusion of all qualified individuals and will ensure that persons with disabilities are provided reasonable accommodations throughout the hiring process. If you would like to request accommodations, please let your recruiter know.

BambooHR is an equal opportunity employer M / F / D / V. Because our team members are trusted to handle sensitive information, we require all candidates that receive and accept employment offers to complete a background check before being hired. For information on California Privacy Policy, click here.