Security Engineer, Application Security
Indexed description
Mercor is creating a new category of work where expertise powers AI advancement. Achieving this requires an ambitious, fast-paced and deeply committed team. You’ll work alongside researchers, operators, and AI companies at the forefront of shaping the systems that are redefining society. Mercor is a profitable Series C company valued at $10 billion. We work in-person five days a week in our San Francisco, NYC, or London offices.
You'll own application security at a company where the app layer is the highest-priority security surface. This is not a scan-and-triage role. You'll embed in the development lifecycle, review code for exploitable flaws, build security tooling into CI/CD, and drive vulnerability remediation across a platform serving 300K+ experts and enterprise clients processing sensitive AI training data.
We use AI heavily in our own security work. You should be comfortable building alongside AI code-gen tools, using LLMs to accelerate code review and threat modeling, and automating away the repetitive work that slows AppSec programs down. If you'd rather write a CodeQL query than file a Jira ticket, you'll fit in here.
We're in-person five days a week at our SF headquarters, with first Fridays remote.
What You'll Build
- Security review workflows embedded in the SDLC - PR-level analysis that catches auth bugs, injection flaws, and business logic errors before they ship
- SAST/DAST pipelines integrated into CI/CD - shifting security left without slowing down deploys
- Vulnerability management processes that prioritize by real exploitability, not CVSS score
- Secure coding standards and guardrails that make the safe path the easy path for 50+ engineers
- Threat models for new features and architecture changes - especially around AI data pipelines, payment flows, and multi-tenant boundaries
- Bug bounty program operations - triaging HackerOne reports, validating findings, and driving fixes to closure
- You've found and fixed real vulnerabilities in production applications - not just run scanners
- Deep understanding of web application security: OWASP Top 10 is baseline, you think in terms of attack chains and business logic flaws
- Strong in at least one of Python, TypeScript, or Go - you can read a PR and spot the auth bypass
- Experience building or tuning SAST/DAST tooling (Semgrep, CodeQL, Snyk, Burp, or similar)
- You understand modern web frameworks, APIs, and authentication patterns well enough to threat model them
- Experience managing a vulnerability pipeline - from discovery through prioritization to verified remediation
- 5+ years of professional experience in application security, security engineering, or software engineering with a strong security focus
- Experience running or triaging a bug bounty program (HackerOne, Bugcrowd)
- Offensive security skills - you've done penetration testing and can think like an attacker
- Experience securing AI/ML applications - model serving APIs, training data pipelines, prompt injection defense
- Familiarity with supply chain security - dependency scanning, registry firewalls (Socket, Snyk)
- You've built custom security tooling that a team still uses
- Contributions to open source security projects or published vulnerability research
- The problem is real. Application security at scale is hard - you'll build defenses that matter across a fast-moving platform.
- AI-native AppSec. You'll use frontier AI tools daily - for code review, vulnerability analysis, and anything that benefits from an AI co-pilot.
- Ownership from day one. You'll own the entire application security domain - from code review processes to CI/CD security to bug bounty operations.
- See the future early. Working alongside AI labs means you'll understand frontier model capabilities months before the market.
- Bi-annual performance bonus structure
- Generous equity grant vested over 4 years
- Up to $15k Relocation bonus
- $10K housing bonus (if you live within 0.5 miles of our office)
- $1.5K monthly stipend for meals
- Free Equinox membership
- $200 monthly laundry reimbursement
- $200 monthly personal wellness reimbursement
- Health, Dental, Vision insurance
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search