- Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production.
- Drive security and product trade-off decisions at the architectural level, balancing protection with velocity.
- Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity.
- Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness.
Secure Development & Tooling - Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale.
- Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio.
- Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements.
Requirements
Homebase’s product suite spans scheduling, payroll, time tracking, HR, team communication, and a growing ecosystem of AI-powered features.
That breadth creates fascinating security challenges, from protecting sensitive workforce and financial data to securing the AI models and pipelines that are becoming central to our product experience.
AI Security - Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations.
- Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure.
- Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance.
experience in Application Security or Security Engineering, with demonstrated impact at the Staff or Principal level. - Deep software engineering
experience in production environments, you write code, build tools, and think like an engineer first. - A proven track record of leading architectural changes and complex cross-team initiatives that reduced security risk at scale. - Hands-on
experience securing AI-native applications, including LLM integrations, model pipelines, or ML infrastructure. - Strong expertise in web application security, cloud-native security (AWS), and modern DevSecOps practices. - Proficiency in languages and frameworks relevant to our stack: Ruby, Python, React, and Rails. -
Experience designing and implementing modern vulnerability management systems and embedding security tooling within CI/CD pipelines. - Exceptional ability to evaluate security trade-offs, make pragmatic risk-informed decisions, and communicate them clearly to technical and non-technical stakeholders. - Demonstrated curiosity about emerging AI capabilities, with a track record of leveraging new tools to enhance security operations and productivity.
Experience defining application security strategy and maturity roadmaps for a high-growth, product-driven company. - A background in building AI-powered security tools or detection systems. - Speaking
experience at security conferences, meetups, or community events. -
Experience with threat modeling frameworks adapted for AI/ML systems. 🤝 The Homie Way - These principles guide everything we do—from how we work and make decisions to how we show up for each other. - 💡 Be Customer Obsessed – Solve problems with empathy and creativity. - ⚡ Move Fast, Learn Fast – Experiment, take action, and grow every day. - 🎯 Own
That means you'll have access to paid AI tools with minimal restrictions, so you can build, experiment, and level up your craft.
Experience
🚀 The Foundation for Success - These are the experiences and strengths that will set you up for success in this role: - 10+ years of progressive
Benefits
Bonus point if you bring: -
What We Offer - 💰 Ownership & Savings: Stock options + TFSA/RRSP with 4% company match - 🏥 Health & Wellness: Comprehensive medical, dental, and vision for you and your dependents - ⏰ Time Flexibility: Flex time off + company holidays + designated focus periods - 🤖 AI Access, For Real: We invest in builders and believe that curiosity shouldn't have a paywall.
- 👶 Family Support: Maternity/Parental Leave EI top-up support offered (after 6 months of service) - 🌟 Work Your Way: Work From Anywhere Month + meeting-free weeks yearly - 🛡️ Protection Plans: Life insurance + short/long-term disability coverage - 🍽️ Workspace Perks: Meals provided, team offsites, and Customer Days - 💼 Our Hybrid Rhythm: We believe collaboration drives impact.
Contact
What to Expect During the Interview Process - Meet the Talent Acquisition team, Ryan H http://linkedin.com/in/rjharrison26?miniProfileUrn=urn%253Ali%253Afs_miniProfile%253AACoAAAf-mkwBXV7Tpd8VzKAwOBnvPX7rs5F7GbA&miniProfileUrn=urn%3Ali%3Afs_miniProfile%3AACoAAAf-mkwBXV7Tpd8VzKAwOBnvPX7rs5F7GbA&skipRedirect=true.
https://www.linkedin.com/in/alifirooz/ - Participate in Technical Interviews - Meet the VP of Engineering, Andrea C.
https://www.linkedin.com/in/andreacorey?lipi=urn%3Ali%3Apage%3Ad_flagship3_search_srp_all%3BTcGKAZ4uTpuiA1WcB%2F6rwA%3D%3D&miniProfileUrn=urn%3Ali%3Afs_miniProfile%3AACoAAAAN3fMBDNqXLhEaGBuk36LBCwpflHiQWSY - Background Check + Offer Stage - Welcome to the team, Homie 🎉 💜 Belonging at Homebase - We're committed to fostering a welcoming space where every Homie can be their full self.
Additional details
Hi, Future Homie! At Homebase, you’ll join a team that’s bold, fast-moving, and obsessed with helping small businesses thrive.
We build with empathy, act with urgency, and take big swings that drive real-world impact.
Here, every Homie shows up to raise the bar, support one another, and celebrate wins as a team.
We’re not just building an app—we’re building unstoppable teams.
This is a technical leadership role at the E5 level—you’ll define the multi-quarter strategy for how we secure our products, set architectural direction, and pioneer new capabilities that keep pace with our rapid growth.
You’ll be the recognized expert our engineering organization turns to for application security decisions.
You’ll work at the intersection of security, product, and engineering, partnering with engineering leaders to embed security into architecture from the ground up, while building the platforms and tooling that let developers ship safely at speed.
These are the key ways you’ll contribute and create impact in this role: Security Strategy & Architecture - Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs.
- Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform.
- Influence company-wide engineering practices and security investments through data-driven recommendations.