Senior Application Security Engineer

Title: Senior Application Security Engineer

Location: Austin, TX (hybrid)

Reports To: Sr. Manager, Cybersecurity

About Hippo

Hippo exists to protect the joy of homeownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home.

About the Role

The Senior Application Security Engineer is a senior individual contributor responsible for driving application security outcomes across Hippo’s engineering organization. This role serves as a trusted subject matter expert in application security, providing deep technical guidance and influencing secure design decisions across multiple teams, products, and services.

This position is application-security–first, with intentional overlap into cloud and platform security where application code, identity, CI/CD pipelines, and infrastructure intersect. While the role does not own infrastructure, security programs, or formal departmental priorities, it is accountable for identifying application-centric risks and guiding high-impact security decisions through expertise, partnership, and advisory influence.

Operating with significant autonomy, the Senior Application Security Engineer independently owns complex and ambiguous security challenges end-to-end, ensuring outcomes align with business objectives and risk tolerance. This role emphasizes technical leadership, cross-functional collaboration, and mentorship rather than people management.

About You

You are a seasoned application security professional with deep technical expertise and strong judgment, trusted to guide complex security decisions in high-impact environments. You think adversarially, understand modern application architectures, and can clearly articulate risk tradeoffs to engineering, product, and security leadership.

You are comfortable operating independently in ambiguous situations, influencing outcomes through credibility and collaboration rather than formal authority. You communicate clearly, mentor others naturally, and help elevate application security maturity across teams by embedding secure design principles into everyday engineering practices.

What You'll Do:

• Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks.

• Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services.

• Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments.

• Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact.

• Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience.

• Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance.

• Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance.

• Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection).

• Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale.

• Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction.

Must Haves:

• 6+ years of experience in application security or product security roles.

• Demonstrated impact improving application security outcomes across multiple teams, systems, or business domains.

• Deep experience securing web applications, APIs, distributed systems, WAFs, and customer identity platforms.

• Strong understanding of authentication and identity protocols (OAuth2, OIDC, SAML, JWT, MFA).

• Proven ability to review system designs, data flows, and identify architectural security risks.

• Solid understanding of cloud-native application architectures and CI/CD pipelines from an application risk perspective.

• Experience designing or maintaining automated security tooling and pipelines (SAST, DAST, SCA, secrets detection).

• Proficiency in one or more modern programming languages.

Nice to Have:

• Experience threat modeling or assessing AI-powered features and LLM integrations.

• Application-focused penetration testing or adversarial security testing experience.

• Familiarity with Kubernetes, container security, and infrastructure-as-code as they relate to application security.

• Experience operating in regulated environments.

• Relevant security certifications (e.g., OSWE, GWAPT, CSSLP).

Benefits and Perks:

Hippo treats its team members with the same level of dedication and care as we do our customers, which is why we’re fortunate to provide all of our Hippos with: 

• Healthy Hippos Benefits - Multiple medical plans to choose from and 100% employer covered dental & vision plans for our team members and their families. We also offer a 401(k)-retirement plan, short & long-term disability, employer-paid life insurance, Flexible Spending Accounts (FSA) for health and dependent care, and an Employee Assistance Program (EAP) 
• Equity - This position is eligible for equity compensation  
• Training and Career Growth - Training and internal career growth opportunities 
• Flexible Time Off - You know when and how you should recharge 
• Little Hippos Program - We offer 12 weeks of parental leave for primary and secondary caregivers 
• Hippo Habitat - Snacks and drinks available and catered lunches for onsite employees
  

Hippo is an equal opportunity employer, and we are committed to building a team culture that celebrates diversity and inclusion. Hippo’s applicants are considered solely based on their qualifications, without regard to an applicant’s disability or need for accommodation. Any Hippo applicant who requires reasonable accommodations during the application process should contact the Hippo’s People Team to make the need for an accommodation known.