Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally, from rapidly growing startups to some of the world's largest enterprises.
Founded in 2015, the company is one of the fastest growing companies in SaaS, raising approximately $250 million to date and valued at $1.6 billion.

Role Overview
The Senior Application Security Engineer II is a senior individual contributor responsible for strengthening Apollo’s secure software development lifecycle and reducing application risk across product, platform, and AI-powered features.
This role blends deep code-level application security work with strong cross-functional partnership.
It includes application security reviews, threat modeling, AppSec tooling, findings triage and remediation follow-through, external testing intake, and developer enablement.
This role is calibrated at the L6 senior-IC level: owning semi-annual or annual goals, solving ambiguous problems with sound judgment, improving operational processes, and driving meaningful cross-team collaboration and influence.

Key Responsibilities

Secure SDLC, design review, and threat modeling
Own and continuously improve the secure software development lifecycle for Apollo applications so security is embedded into design, implementation, and deployment.
Perform application security reviews, threat modeling, and deep code-level analysis for high-impact product, platform, and AI features before launch.
Provide practical security architecture guidance to Engineering, Product, and IT teams.
Help define and maintain application-security guardrails, secure design expectations, code review standards, and risk models for new and existing systems.
Go beyond identifying issues: read the code, explain root cause, propose the safest fix, and directly implement or support remediation when needed for complex vulnerabilities.
Drive execution-heavy vulnerability management across internal reviews, bug bounty, pentests, SCA/runtime findings, and other research signals, ensuring findings are validated, prioritized, routed clearly, and tracked through remediation and verification within SLAs.
Perform hands-on validation and offensive security testing of applications and fixes, including exploit development, bypass testing, adversarial thinking, and focused red-team-style exercises, to confirm remediations address the underlying issue rather than only the initial symptom.
Work across the kinds of application security issues common in modern SaaS environments, including authentication and authorization weaknesses, access control risks, OAuth and CSRF design flaws, SSRF, cryptographic and verification issues, information disclosure and data exposure risks, unsafe execution and deserialization patterns, and dependency or runtime vulnerabilities.
Apply clear, risk-based severity decisions using exploitability, data sensitivity, customer impact, and blast radius.

Tooling, automation, and AI
Use AI to automate, transform, and scale security and engineering-adjacent processes where it materially improves speed, consistency, or signal quality, while still validating outputs with strong engineering judgment.
Embed AI-specific security checks into SSDLC reviews and code analysis, including input and output handling, AI-exposed APIs, prompt and response guardrails, and abuse or data-exfiltration paths.
Configure and improve AppSec tooling and integrations, including SAST configuration, ignore lists, dashboards, and other controls that maintain useful coverage without excessive noise.
Select, build, or refine security tooling, small automations, and workflow enrichments that reduce manual effort and scale AppSec operations responsibly.
Partner cross-functionally on AI security requirements and controls so AI systems and AI-powered features are designed, deployed, and operated securely.

Engineering enablement and partnership
Support and scale security enablement for engineers and security champions, including secure coding, AppSec, and AI-safety content.
Produce clear documentation, metrics, and written narratives that improve AppSec visibility, observability, and decision-making.

What Good Looks Like at L6

Example Success Outcomes
Improve the health and flow of AppSec findings by keeping prioritization, remediation, and verification moving within defined SLAs.
Increase engineering adoption of secure patterns, AppSec tooling, and security training.
Reduce manual toil and improve AppSec signal quality through targeted automation and responsible use of AI-assisted workflows.

Requirements
Strong software development skills and the ability to read, write, and ship production code; Ruby experience is highly valuable, and Python or similar scripting ability is a plus.
Strong Linux and cloud fundamentals, ideally with experience in GCP-backed environments.
Deep familiarity with common AppSec issues, secure design, secure authentication and authorization patterns, vulnerability management, and developer security tooling.
Demonstrated ability to perform deep code review, penetration testing, and exploit-oriented validation, and to either fix vulnerabilities directly or work closely with engineers to land durable remediations that hold up against bypass attempts and variant analysis.
Experience using AI-assisted tools, automations, APIs, or structured workflows to improve engineering or security processes at scale.
Experience securing AI-powered systems or features, including AI API exposure, prompt and response handling, data protection, misuse scenarios, and monitoring expectations.
Experience supporting or leading security reviews for AI-native products, internal agents, or AI-assisted engineering workflows.
Experience improving secure-by-design practices and AppSec observability in a fast-moving engineering organization.
Experience with security training, developer enablement, or security champions programs.
Relevant security certifications are a plus.

Experience
5+ years of software engineering or application security experience, with meaningful hands-on AppSec depth in modern SaaS environments.

Pay Range
Tier 1 Pay Range (San Francisco, New York City, Seattle): $218,000 — $273,000 USD
Tier 2 Pay Range (All other US Locations): $190,000 — $237,000 USD
The listed Pay Range reflects the total cash compensation inclusive of annual base salary and annual bonus as applicable.
For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonus target and annual base salary for the role.
This salary range may be inclusive of several career levels at Apollo and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location.
Applicants interested in this role who are not located in the US may request the annual salary range for their location during the interview process.

Benefits
Additional benefits for this role may include: equity; company bonus or sales commissions/bonuses; 401(k) plan; at least 10 paid holidays per year, flex PTO, and parental leave; employee assistance program and wellbeing benefits; global travel coverage; life/AD&D/STD/LTD insurance; FSA/HSA and medical, dental, and vision benefits.

We are AI Native
Apollo.io is an AI-native company built on a culture of continuous improvement.
If you're energized by finding smarter, faster ways to get things done using AI and automation, you'll thrive here.

Additional details
Apollo.io provides sales and marketing teams with easy access to verified contact data for over 210 million B2B contacts and 35 million companies worldwide, along with tools to engage and convert these contacts in one unified platform.
By helping revenue professionals find the most accurate contact information and automating the outreach process, Apollo.io turns prospects into customers.
Apollo raised a series D in 2023 and is backed by top-tier investors, including Sequoia Capital, Bain Capital Ventures, and more, and counts the former President and COO of Hubspot, JD Sherman, among its board members.