Staff Security Application Engineer

Keeper Security is a cybersecurity company providing zero-trust and zero-knowledge security software for password management, secrets management, privileged access, and secure remote access. They serve millions of individuals and thousands of businesses globally.

Keeper Security, Inc.

Employee count: 201-500

United States only

Keeper Security is hiring an Application Security Engineer to own and advance our in-house application security program. This hands-on role will focus on penetration testing, bug bounty management, and security research to strengthen the security posture of Keeper’s globally distributed platform. You will work directly with our CTO, partner with third-party security testing firms, and collaborate with our development teams to identify, triage, and remediate vulnerabilities.

Keeper’s cybersecurity software is trusted by millions of people and thousands of organizations globally. Keeper is published in 21 languages and is sold in over 150 countries. Join one of the fastest-growing cybersecurity companies and help secure our industry-leading platform.

About Keeper

Keeper Security is transforming cybersecurity for organizations around the world with next-generation privileged access management. Keeper’s zero-trust and zero-knowledge cybersecurity solutions are FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, as well as SOC 2 and ISO 27001 certified. Keeper deploys in minutes, not months, and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance. Trusted by thousands of organizations to protect every user on every device, Keeper is the industry leader for best-in-class password management, secrets management, privileged access, secure remote access and encrypted messaging. Learn more at KeeperSecurity.com.

About the Role

The Application Security Engineer will be responsible for executing and scaling Keeper’s application security initiatives. This includes performing internal penetration testing, collaborating with third-party security partners, managing our bug bounty program, and conducting security research to identify emerging threats. You will play a critical role in shaping the security posture of our applications and directly contribute to reducing risk across Keeper’s global platform.

Responsibilities

Perform internal application penetration testing and vulnerability assessments for Java- and React-based applications
Collaborate with 3rd-party penetration testing firms and validate findings
Own and manage Keeper’s bug bounty program, including triage and coordination with engineering teams
Conduct security-focused R&D to identify emerging threats and recommend mitigations
Work with development teams to integrate security into the SDLC and assist with remediation guidance
Develop and maintain application security tooling, scripts, and automation where applicable
Provide clear documentation and reporting of vulnerabilities, risks, and security recommendations

Requirements

5+ years of experience in application security or penetration testing roles
7+ years of experience with Java (backend) and React (frontend) for security testing and review
Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, or similar
Solid understanding of web application security, OWASP Top 10, and secure coding practices
Experience managing bug bounty programs (HackerOne, Bugcrowd, etc.)
Familiarity with common application frameworks, APIs, and cloud-native environments
Strong analytical and problem-solving skills
Excellent communication skills for working with developers and leadership

Preferred Qualifications

Offensive Security certifications (OSCP, OSWE, or equivalent)
Experience with security automation and scripting (Python, Bash, or similar)
Familiarity with secure SDLC processes and CI/CD integration
Background in security R&D, vulnerability research, or exploit development
Experience with compliance frameworks (SOC 2, FedRAMP, or similar)

Benefits

Medical, Dental & Vision (Inclusive of domestic partnerships)
Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
Voluntary Short/Long Term Disability Insurance
401k (Roth/Traditional)
A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)
Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.

Classification: Exempt

Apply now

Please let Keeper Security, Inc. know you found this job on Himalayas. This helps us grow!

Apply now

About the job

Apply before

Oct 29, 2025

Posted on

Aug 30, 2025

Job type

Full Time

Experience level

Senior

Location requirements

United States

Hiring timezones

United States +/- 0 hours

About Keeper Security, Inc.

Learn more about Keeper Security, Inc. and their company culture.

View company profile

At the heart of Keeper Security is a mission to transform cybersecurity for people and organizations around the world. Founded in 2009 by Darren Guccione and Craig Lurey, the company was born from the idea of creating a secure and easy-to-use password manager and digital vault. This vision has since expanded to encompass a comprehensive suite of zero-trust and zero-knowledge security solutions. Keeper's culture is built on a foundation of innovation, creativity, and boldness. They are a global team, passionate about addressing the critical unmet needs of the cybersecurity market. The company actively fosters a diverse and inclusive environment, believing that varied perspectives fuel their drive for excellence. Team members are encouraged to be coachable, intuitive, persistent, and team-driven, contributing to a collaborative and supportive workplace.

Keeper Security invests significantly in the training and development of its employees, starting from their first day and continuing throughout their careers. This commitment to growth extends to their product philosophy, which emphasizes user-friendliness and robust protection. Their solutions, including password management, secrets management, privileged access management, secure remote access, and encrypted messaging, are designed to deploy in minutes and seamlessly integrate with any tech stack. This approach aims to prevent breaches, reduce help desk costs, and ensure compliance for their millions of individual users and thousands of organizational clients. The company's leadership team brings deep expertise in cybersecurity software, cloud computing, and mobile device technologies, guiding Keeper's commitment to customer success and its relentless pursuit of cybersecurity innovation. Keeper's work model is designed to maximize professional development and performance, offering a hybrid structure that includes in-office, work-from-home, and remote options, tailored to individual roles and locations.

Tech stack

Learn about the tools and technologies that Keeper Security, Inc. uses to build, market, and sell its products.

View tech stack

PHP

MySQL

PostgreSQL

Ansible

NGINX

Apache Tomcat

Hotjar

ServiceNow

Keeper Security, Inc. employees can create an account to update this tech stack.

Employee benefits

Learn about the employee benefits and perks provided at Keeper Security, Inc..

View benefits

401(K)

Keeper Security offers a 401(K) plan.

Paid holidays

Keeper Security offers paid holidays.

Wellness perks

Keeper Security offers wellness perks.

Vision Coverage

Keeper Security provides vision coverage.

View Keeper Security, Inc.'s employee benefits

Apply now

Please let Keeper Security, Inc. know you found this job on Himalayas. This helps us grow!

Apply now