Staff Application Security Engineer

1 day ago


Tel Aviv, Tel Aviv, Israel | HoneyBook | Full time | $104,000 - $130,878 per year

HoneyBook is the leading AI-powered business management platform for service-based business owners. Designed to enhance—not replace—independent professionals, HoneyBook's AI-powered tools help businesses attract leads, connect with clients, book projects, and manage payments more efficiently. With AI seamlessly integrated into every workflow, entrepreneurs can focus on their craft while scaling their businesses with confidence. Since its founding in 2013, HoneyBook has powered over 25 million client relationships and processed more than $12 billion in transactions, helping independent businesses grow faster and smarter.

Our culture is built on five core values that inform everything we do. We encourage collaboration, feedback, and ownership, and we have a growth mindset. We know experience comes in many forms, some visible on your resume, others not. No one candidate will be a 100% perfect match to our description, so if you thrive in a fast-paced, intellectually-charged environment and have similar experience to what we are looking for, we encourage you to apply.

We're looking for a Staff Application Security Engineer to join our IT and Security team. This role is ideal for a hands-on security professional who is passionate about working closely with engineering teams to design secure software, fix vulnerabilities, and promote a culture of security across the organization.

You'll be responsible for shaping and owning our Secure Software Development Lifecycle (SSDLC), managing security tooling, and leading the assessment of application and API security across HoneyBook's products and services.

Here are a few of the things you will do:
  • Collaborate directly with engineering teams to define remediation strategies, track implementation, and validate security fixes across the application stack.

  • Design, implement, and drive SSDLC practices across the company—from security design reviews and threat modeling to proactive triaging in production.

  • Conduct threat modeling, architecture reviews, and security assessments of cloud-based applications and services, including those leveraging emerging technologies.

  • Manage HoneyBook's bug bounty program, validating reports and coordinating response and resolution.

  • Own and operate our suite of AppSec tools including SAST, ASPM, and other security scanners—triaging findings, prioritizing issues, and guiding engineering toward resolution.

  • Review source code and applications to identify vulnerabilities and collaborate with dev teams on remediation.

  • Act as the point of contact for findings from penetration tests, automated scanners, and external assessments, helping manage triage and ensure timely fixes.

  • Continuously research and stay current with application security trends, frameworks, vulnerabilities, and best practices.

  • Promote a strong security culture across HoneyBook by educating and enabling engineers, architects, and DevOps teams to build secure software from the ground up.

Interested? Here's what we're looking for:
  • 5+ years of experience in Application Security, Product Security, or Secure Software Development.

  • Proven experience working with modern web application stacks, cloud-native architectures, APIs, and CI/CD pipelines.

  • Strong understanding of application security principles, common vulnerabilities (OWASP Top 10), and secure coding best practices.

  • Experience with security tools like Burp Suite, Oligo, Veracode, SonarQube, or similar (SAST/DAST/IAST/API tools).

  • Hands-on experience with code review and static analysis for security issues across languages like JavaScript, Python, Go, or similar.

  • Familiarity with cloud platforms (AWS preferred) and infrastructure-as-code security.

  • Experience managing bug bounty programs and third-party testing engagements.

  • Excellent communication skills—able to translate security concepts into developer-friendly language and work cross-functionally across teams.

  • Ability to balance pragmatic risk mitigation with product velocity, business needs, and user experience.

  • A growth mindset and a desire to mentor others and continuously improve HoneyBook's security posture.

Certifications like OSCP, GWAPT, CISSP, or CSSLP are a plus but not required.

The good stuff:

  • Mission-driven: You'll be joining more than just another startup - our members are at the heart of everything we do.
  • Impact: We move quickly and encourage every employee to push the envelope. Our best ideas come from out-of-the-box thinking and innovation; be ready to fail fast and often.
  • Compensation: We offer a competitive salary + meaningful equity based on merit.
  • Benefits + Perks: From wellness programs to exceptional family leave policies, the health and happiness of our employees is foremost.

Our core values:

People come first: We prioritize people as we explore opportunities and work through challenges.
Raise the bar: We push for greatness—for ourselves, each other, and our members.
Own it: Trust and ownership let us make decisions with confidence.
We love what we do: We bring passion to our work and love what we create for our members.
Keep it real: Authenticity, respect, and transparency are at our core.

The opportunity at HoneyBook is huge. Our primary customers today are creative businesses that generate $150B in revenue per year in the US. Founded in 2013, HoneyBook is based in San Francisco and Tel Aviv, has raised $498M, and is funded by Tiger Global Management, Norwest Venture Partners, Aleph, Hillsven Capital, OurCrowd, Durable Capital Partners LP, Vintage Investment Partners, Battery Ventures, Citi Ventures, Zeev Ventures, and 01 Advisors.

Follow us on Instagram, Facebook and Medium and catch the latest stories about HoneyBook. Read about what our employees are saying about us on Glassdoor.

Applicant Information
When you apply for a job or an independent contractor/agent position with HoneyBook, we collect the information that you provide in connection with your application. This includes name, contact information, professional credentials and skills, educational and work history, and other information that may be included in a resume or provided during interviews (which may be recorded). This may also include demographic or diversity information that you voluntarily provide. We may also conduct background checks and receive related information.

We use applicants' information to facilitate our recruitment activities and process applications, including evaluating candidates and monitoring recruitment statistics. We use successful applicants' information to administer the employment or independent contractor relationship. We may also use and disclose applicants' information (a) to improve our Services, (b) as otherwise necessary to comply with relevant laws, (c) to respond to subpoenas or warrants served on HoneyBook, and (d) to protect and defend the rights or property of HoneyBook or others.

Our Privacy Policy is here. 


