Application Security Lead

(north America), United StatesRemote

100K

Responsibilities

Security architecture - Build and refine our frameworks for compute isolation and perform threat modeling and hardening of new products
Design and build of data infrastructure as an early engineer, not just a user. You helped secure it from early design or during major redesigns. You understand how it scales and how it’s secured

Hightouch is the modern AI platform for marketing and growth teams.
Our AI agents reimagine marketing workflows, allowing marketers to create content, plan campaigns, and execute strategies with transformational velocity and performance.
Hightouch is a rare company built on the intersection of two fundamental technological shifts: advances in LLMs and agentic AI, and the creation and rapid adoption of cloud data warehouses like Snowflake and Databricks.
Building on these tailwinds, we’ve become a leader in AI marketing and partner with industry leaders like Domino’s, Chime, Spotify, Ramp, Whoop, Grammarly, and over 1000 others.
We have strong engineering fundamentals and a solid foundation; now you'll shape what security looks like here as we scale from 70 to 140+ engineers.

Our team focuses on making a meaningful impact for our customers.
We approach challenges with first-principles thinking, move quickly and efficiently, and treat each other with compassion and kindness.
We look for team members who are strong communicators, have a growth mindset, and are motivated and persistent in achieving our goals. About the Role
This is our first dedicated security hire, and it's a rare chance to define the function from the ground up.
You'll own Hightouch's application security posture end-to-end.
This is a hands-on, high-autonomy role. You'll spend most of your time in the codebase, not in meetings. You’ll be solving hard problems at the intersection of security and distributed systems:
Multi-tenant isolation on a system running ~1M data syncs per day and ingesting 100K+ events/sec
Sub-tenant access control - for multi-team and multi-brand use cases, requiring differentiated access to configuration and data
Internet-facing APIs - Our high-throughput, internet-facing architecture services customer data at scale. You’ll improve our rate limiting, abuse detection, and granularity of access control
Multi-Region and Multi-Cloud - Supporting our multi-region and multi-cloud backend, including extending it to launch Hightouch on in new regions to support data residency