Security Engineer (App Sec and Cloud Infra)

Thumbtack helps millions of people confidently care for their homes.

Thumbtack is the one app you need to take care of and improve your home from personalized guidance to AI tools and a best-in-class hiring experience. Every day in every county of the U.S. people turn to Thumbtack to complete urgent repairs seasonal maintenance and bigger improvements. We help homeowners know which projects to do when to do them and who to hire from our growing community of 300000 local service businesses. If making an impact inspires you join us. Imagine what well build together.

About the Cybersecurity team

The Security Engineering team at Thumbtack is focused on enabling innovation at scale by making the secure path the easiest path. We believe strong security is not a blocker to velocity but a force multiplier when it is designed into systems platforms and developer workflows from the start.

We partner closely with Product Engineering Platform and Data teams to shape system design guide architectural decisions and evolve Thumbtacks security posture as the company scales. Through collaboration automation and thoughtful tradeoffs we help ensure Thumbtack can ship fast innovate boldly and maintain customer trust.

Challenge

As Thumbtack scales and increasingly incorporates AI-powered features into our products and internal systems security must evolve without slowing innovation. The number of services deployment patterns and data flows continues to grow and traditional approaches that rely heavily on manual reviews or after-the-fact controls do not scale to meet this need.

Instead the challenge is to design security into the system itself. This means building secure defaults paved paths and reusable building blocks that product and engineering teams can adopt with minimal friction. By embedding security directly into architectures tooling and infrastructure we reduce cognitive load on engineers and enable teams to move quickly and confidently while meaningfully lowering risk.

What youll do

• Own and deliver application security work within defined projects or domains. Contribute to cross-functional security initiatives executing clearly scoped pieces of larger efforts.
• Identify prioritize and help remediate application security risks in partnership with engineering teams.
• Apply secure-by-default patterns and approved architectures when designing or reviewing systems.
• Support cloud infrastructure security by integrating security controls into CI/CD pipelines IAM networking and runtime environments.
• Partner with product and engineering teams to assess risk and recommend practical risk-informed security improvements. Participate in application security design reviews and threat modeling for new and existing systems.
• Write code reviews and documentation to address vulnerabilities and reduce recurring classes of issues.
• Participate in security incident response and contribute to post-incident analysis and remediation.

In order to be successful you must bring

• 4 years of experience in software engineering application security or cloud infrastructure security.
• Practical experience with application security techniques such as threat modeling secure design patterns authentication and authorization secrets management and vulnerability remediation. Strong understanding of secure coding practices and common application security risks (e.g. OWASP Top 10).
• Experience securing cloud-native systems in AWS and/or GCP.
• Ability to assess security risks and break down complex problems reason about tradeoffs make sound recommendations and deliver practical impactful solutions with guidance when needed.
• Strong sense of ownership over assigned work with the ability to execute independently and follow through.
• Clear written and verbal communication skills including the ability to explain security issues to engineers with varying levels of security expertise.
• A growth mindset and interest in learning from more senior engineers and expanding depth in both application and cloud infrastructure security over time.

Expected salary ranges

• For candidates living in Ontario and British Columbia the expected salary range for the role is currently $154700.00 - $200200.00.

Actual offered salaries will vary and will be based on various factors such as calibrated job level qualifications skills competencies and proficiency for the role.

Note: Thumbtack uses AI tools to support our resume screening process. However our Recruiting teams expertise and judgment guide hiring decisions.

#LI-Remote

Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex race color age pregnancy sexual orientation gender identity or expression religion national origin ancestry citizenship marital status military or veteran status genetic information disability status or any other characteristic protected by federal provincial state or local law. We also will consider for employment qualified applicants with arrest and conviction records consistent with applicable law.

Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process please contact: .

If you are a California resident please review information regarding your rights under California privacy laws contained in Thumbtacks Privacy policy available at put as much craftsmanship into candidate safety as we do into the hiring experience itself. While scammers may try to impersonate our team well never ask you for money banking info or SSNs during hiring. Check out our blueprint on how to spot the fakes.