Senior Application Security Engineer

Join our dynamic team as a Senior Application Security Engineer, where you'll play a pivotal role in securing the Temporal development pipeline, product, and customer execution environment. In this position, you'll work closely with software engineering teams and customers to build security deeply into our platform across multiple clouds. You'll also help shape how we use AI responsibly in both our product and our engineering processes. We're looking for individuals who are passionate about enabling engineering teams to build and ship securely, serving as trusted security partners across the organization.

• →Collaborate with product and engineering teams to integrate security principles into the design and architecture of products.
• →Conduct threat modeling and risk assessments to identify vulnerabilities and potential attack vectors across the full product surface.
• →Manage the Secure Development pipeline including code security and 3rd party library supply chain security.
• →Stay current on emerging standards and guidance (e.g. OWASP Top 10 for LLMs, MCP security specifications) and translate these into actionable internal policy.
• →Triage Bug Bounty findings and responsibility disclosed vulnerabilities.
• →Able to participate in on-call rotation.

• Bachelor’s degree in Computer Science, Cybersecurity, or a related field (or equivalent experience).
• 5+ years in application or product security or a related role.
• Proven partnership with engineering teams, bringing security expertise to the planning and development process.
• Knowledge of encryption, authentication, and secure communication protocols.
• Familiarity with tools like SAST, DAST, and penetration testing frameworks.
• A deep understanding of application architecture and design principles, ability to effectively identify vulnerabilities across multiple programming languages
• Excellent communication and ability to explain complex security concepts to non-technical stakeholders.
• Kubernetes security posture management and auditing, including workload hardening, RBAC design, and admission control.
• Demonstrated experience with multi-tenant security architecture, including data plane isolation, control plane hardening, and cross-tenant data leakage prevention.
• Excellent collaboration and communication skills.
• Expertise in at least one programming language, familiarity with Python and Go.

• Distributed computing and related vulnerability experience.
• Running a Security Champions program.
• Open Source automation or automation projects.
• Expertise in other areas of security.
• Security conference talks or published research.

Temporal is a globally distributed, collaborative team that values opportunities for in-person connection. Occasional travel may be required for company events, team offsites, and other meaningful moments that bring us together.