Staff Security Engineer, Application Security (Hybrid)

At Homebase, you’ll join a team that’s bold, fast-moving, and obsessed with helping small businesses thrive. We build with empathy, act with urgency, and take big swings that drive real-world impact. Here, every Homie shows up to raise the bar, support one another, and celebrate wins as a team.

We’re not just building an app—we’re building unstoppable teams. So what do you say, are you in?

We’re looking for a hands-on Staff Security Engineer to own and shape Homebase’s Application Security domain. This is a technical leadership role at the E5 level—you’ll define the multi-quarter strategy for how we secure our products, set architectural direction, and pioneer new capabilities that keep pace with our rapid growth.

Homebase’s product suite spans scheduling, payroll, time tracking, HR, team communication, and a growing ecosystem of AI-powered features. That breadth creates fascinating security challenges, from protecting sensitive workforce and financial data to securing the AI models and pipelines that are becoming central to our product experience.

You’ll be the recognized expert our engineering organization turns to for application security decisions. You’ll work at the intersection of security, product, and engineering, partnering with engineering leaders to embed security into architecture from the ground up, while building the platforms and tooling that let developers ship safely at speed.

• Define and execute Homebase’s multi-quarter Application Security roadmap, aligning security initiatives with business objectives and company OKRs.

• Architect secure-by-default patterns, frameworks, and paved roads that developers adopt naturally, removing entire classes of vulnerabilities before they reach production.

• Evaluate emerging security technologies and make build-versus-buy decisions that shape the security platform.

• Drive security and product trade-off decisions at the architectural level, balancing protection with velocity.

• Influence company-wide engineering practices and security investments through data-driven recommendations.

• Lead threat modeling and security architecture reviews for AI-powered features, model training pipelines, and LLM integrations.

• Design and implement security controls specific to AI/ML systems, including prompt injection defenses, model input validation, output filtering, and data pipeline integrity.

• Create AI-powered vulnerability detection and security automation that multiplies the team’s effectiveness.

• Partner with AI engineering teams to establish secure development patterns for model deployment and inference infrastructure.

• Stay ahead of the evolving AI threat landscape and translate emerging risks into practical engineering guidance.

• Build and maintain security tooling and automation that integrates seamlessly into CI/CD pipelines, enabling continuous security validation at scale.

• Own the vulnerability management program: design modern systems for detection, prioritization, tracking, and remediation of security debt across the product portfolio.

• Own the bug bounty and responsible disclosure program, turning external researcher findings into systemic improvements.

• Embed security into the full software development lifecycle through scalable guardrails, automated testing frameworks, and developer-facing documentation.

• Partner with senior leaders across Engineering, Product, and Infrastructure to improve Homebase’s overall security posture.

• Pioneer a security partnership program, mentoring engineers across the organization, and driving a culture of shared security ownership.

• Provide expert guidance during security incidents and lead post-incident analysis to drive systemic improvements.

• Curate and author security guidance, patterns, and training content that raises the security bar organization-wide.

• Influence security decisions at the department and company level; shape how Homebase invests in security capabilities.

• Experience defining application security strategy and maturity roadmaps for a high-growth, product-driven company.

• A background in building AI-powered security tools or detection systems.

• Speaking experience at security conferences, meetups, or community events.

• Experience with threat modeling frameworks adapted for AI/ML systems.

• Meet the Talent Acquisition team, Ryan H.

• Meet the Hiring Manager, Ali F.

• Participate in Technical Interviews

• Meet the VP of Engineering, Andrea C.

• Background Check + Offer Stage

• Welcome to the team, Homie 🎉

Homebase is the everything app for hourly teams—built to simplify the day-to-day and superpower local businesses. With tools for scheduling, time clocks, payroll, communication, HR, and more, we help teams stay connected and in control. Today, over 150,000 small (but mighty) businesses rely on us to make work radically easier. Together, we’ve tracked over a billion hours for 2M+ workers—and we’re just getting started.

At Homebase, we celebrate diversity and are proud to be an equal opportunity employer. We welcome all candidates and do not discriminate based on any legally protected status. If you need accommodations during the hiring process, please let us know—we’re committed to ensuring fair and equitable access for all.