[Hiring] Application Security Lead @Map Ssg

Role Description

This is the company’s first dedicated security hire and a rare chance to build the application security function from the ground up. You’ll own application and product security end-to-end while partnering directly with engineering leadership on some of the company’s most critical infrastructure and scaling challenges.

This is a deeply technical, hands-on IC role — not a compliance or policy-heavy security position. The ideal person will spend the majority of their time in:

• Architecture reviews
• Codebases
• Threat modeling
• Designing secure systems at scale

What You’ll Work On:

• Designing and improving multi-tenant isolation for systems processing massive data volumes
• Building authorization and sub-tenant access control models
• Threat modeling and hardening distributed systems and customer-facing APIs
• Improving security architecture across multi-cloud and multi-region infrastructure
• Supporting data residency, privacy, and compliance-related technical controls (GDPR/CCPA)
• Partnering closely with backend and distributed systems engineering teams
• Defining long-term application security best practices and roadmap

Qualifications

• 6+ years of experience in application/product security engineering
• Previously one of the first security hires (ideally first 1–3) at a SaaS or data infrastructure company
• Strong distributed systems and large-scale infrastructure knowledge
• Experience securing multi-tenant platforms and customer-facing APIs
• Background in cloud security across AWS/GCP/Azure environments
• Able to read production application code and ship security-focused engineering solutions
• Strong preference for engineers with a software engineering or CS foundation
• Open to former/current security managers looking to move back into hands-on IC work

Nice to Have

• Experience with data infrastructure or high-scale event processing systems
• Privacy/security experience involving PII handling, data residency, or GDPR/CCPA controls
• Experience working in fast-growth engineering organizations
• Background at modern B2B SaaS, infrastructure, developer tooling, or security-focused companies

What They’re NOT Looking For

• Pure offensive security / red team / penetration testing profiles
• Compliance-only or governance-heavy security backgrounds
• Traditional corporate IT security engineers disconnected from product engineering
• Candidates without strong application security and distributed systems depth

Tech Stack

• TypeScript
• Go
• AWS / Azure / GCP
• Multi-cloud distributed infrastructure

Why Candidates Should Join

• First dedicated security hire with massive ownership and visibility
• Opportunity to define security architecture for a rapidly scaling platform
• Work directly with senior engineering leadership
• Company operating at meaningful scale: high-throughput APIs, multi-region infrastructure, enterprise customers, and large-scale data systems
• Strong growth trajectory with top-tier investors and clear long-term upside

Interview Process

• Recruiter Screen
• Security Architecture / Threat Modeling Interview
• Deep Distributed Systems Interview
• Hiring Manager Interview
• Security Program / Cross-Functional Collaboration Interview