MisuJob - AI Job Search Platform MisuJob
Login Sign Up

Security Engineer, Application Security

Mercor

San Francisco or NYC permanent

Posted: April 15, 2026

Interested in this position?

Create a free account to apply with AI-powered matching

Register to Apply

Quick Summary

We're looking for a top-notch Security Engineer to join our fast-paced team. The ideal candidate will be responsible for designing and implementing secure solutions, with a focus on application security and AI intelligence.

Required Skills

Application Security SAST DAST Vulnerability Management Threat Modeling Secure Coding Standards Bug Bounty Program Python TypeScript

Job Description

About Mercor

Mercor is defining the future of work. We partner with leading AI labs and enterprises to provide the human intelligence essential to AI development.

Our vast talent network trains frontier AI models in the same way teachers teach students: by sharing knowledge, experience, and context that can't be captured in code alone. Today, more than 30,000 experts in our network collectively earn over $2 million a day.

Mercor is creating a new category of work where expertise powers AI advancement. Achieving this requires an ambitious, fast-paced and deeply committed team. You’ll work alongside researchers, operators, and AI companies at the forefront of shaping the systems that are redefining society.

Mercor is a profitable Series C company valued at $10 billion. We work in-person five days a week in our San Francisco, NYC, or London offices.

You'll own application security at a company where the app layer is the highest-priority security surface. This is not a scan-and-triage role. You'll embed in the development lifecycle, review code for exploitable flaws, build security tooling into CI/CD, and drive vulnerability remediation across a platform serving 300K+ experts and enterprise clients processing sensitive AI training data.

We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate code review and threat modeling, and automating away the repetitive work that slows AppSec programs down. If you'd rather write a CodeQL query than file a Jira ticket, you'll fit in here.

We're in-person five days a week at our SF headquarters, with first Fridays remote.

What You'll Build:

• Security review workflows embedded in the SDLC - PR-level analysis that catches auth bugs, injection flaws, and business logic errors before they ship

• SAST/DAST pipelines integrated into CI/CD - shifting security left without slowing down deploys

• Vulnerability management processes that prioritize by real exploitability, not CVSS score

• Secure coding standards and guardrails that make the safe path the easy path for 50+ engineers

• Threat models for new features and architecture changes - especially around AI data pipelines, payment flows, and multi-tenant boundaries

• Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure

What We're Looking For

• You've found and fixed real vulnerabilities in production applications - not just run scanners

• Deep understanding of web application security: OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws

• Strong in at least one of Python, TypeScript, or Go - you can read a PR and spot the auth bypass

• Experience building or tuning SAST/DAST tooling (Semgrep, CodeQL, Snyk, Burp, or similar)

• You understand modern web frameworks, APIs, and authentication patterns well enough to threat model them

• Experience managing a vulnerability pipeline - from discovery through prioritization to verified remediation

• 5+ years of professional experience in application security, security engineering, or software engineering with a strong security focus

Bonus Points

• Experience running or triaging a bug bounty program (HackerOne, Bugcrowd)

• Offensive security skills - you've done penetration testing and can think like an attacker

• Experience securing AI/ML applications - model serving APIs, training data pipelines, prompt injection defense

• Familiarity with supply chain security - dependency scanning, registry firewalls (Socket, Snyk)

• You've built custom security tooling that a team still uses

• Contributions to open source security projects or published vulnerability research

Why Mercor

• The problem is real. Application security at scale is hard - you'll build defenses that matter across a fast-moving platform.

• AI-native AppSec. You'll use frontier AI tools daily - for code review, vulnerability analysis, and anything that benefits from an AI co-pilot.

• Ownership from day one. You'll own the entire application security domain - from code review processes to CI/CD security to bug bounty operations.

• See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market.

Why Apply Through MisuJob?

AI-Powered Job Matching: MisuJob uses advanced artificial intelligence to analyze your skills, experience, and career goals. Our matching algorithm compares your profile against thousands of job requirements to find positions where you have the highest chance of success. This saves you hours of manual job searching and ensures you only see relevant opportunities.

One-Click Applications: Once you create your profile, applying to jobs is effortless. Your resume and cover letter are automatically tailored to highlight the most relevant experience for each position. You can apply to multiple jobs in minutes, not hours.

Career Intelligence: Beyond job matching, MisuJob provides valuable career insights. See how your skills compare to market demands, identify skill gaps to address, and understand salary benchmarks for your experience level. Make data-driven decisions about your career path.

Frequently Asked Questions

How do I apply for this position?

Click the "Register to Apply" button above to create a free MisuJob account. Once registered, you can apply with one click and track your application status in your dashboard.

Is MisuJob free for job seekers?

Yes, MisuJob is completely free for job seekers. Create your profile, get matched with jobs, and apply without any cost. We help you find your dream job without any hidden fees.

How does AI matching work?

Our AI analyzes your resume, skills, and experience to understand your professional profile. It then compares this against job requirements using natural language processing to calculate a match percentage. Higher matches mean better fit for the role.

Can I apply to jobs in other countries?

Absolutely. MisuJob features jobs from companies worldwide, including remote positions. Filter by location or look for remote opportunities to find jobs that match your preferences.

Ready to Apply?

Join thousands of job seekers using MisuJob's AI to find and apply to their dream jobs automatically.

Create Free Account Sign In
← Browse all jobs
Register to Apply