Lead Application Security Engineer

About Adaptive

NVIDIA and OpenAI’s only AI cybersecurity investment.

Adaptive is a cybersecurity startup on a mission to stop AI-powered cyberattacks. In December 2025, the company announced an $81M Series B led by NVIDIA and Bain Capital Ventures, with participation from Capital One Ventures, Citi Ventures, and continued support from Andreessen Horowitz (a16z), the OpenAI Startup Fund, and Abstract Ventures. The round marked NVIDIA’s first AI cybersecurity investment.

Adaptive was founded by Brian Long and Andrew Jones, repeat entrepreneurs who have built and scaled category-defining companies. Brian and Andrew previously co-founded Attentive, which grew to more than $500M in annual revenue and a $10B+ valuation, and TapCommerce, which was acquired by Twitter. Together, they bring deep experience building high-growth, product-led businesses at massive scale as Adaptive builds the security layer for the AI era.

Trusted by leading banks, technology companies, and healthcare organizations, Adaptive protects teams from emerging threats like deepfakes, smishing, and AI-powered voice scams. With rapid enterprise adoption and a $200B+ market ahead, the company is just getting started.

Role

Adaptive Security is the fastest-growing company in AI cybersecurity. We started by protecting organizations from AI-powered social engineering - deepfake phone calls, spear phishing, SMS-based threats - and we're now expanding into email security and browser security. Our customers integrate us deeply into their Google Workspace, Microsoft 365, and email infrastructure, and that attack surface is growing fast. We're a security company and our own security posture has to be best in class.

We're looking for an Application Security Engineer to own application security across Adaptive. You need to be a strong enough engineer to work inside our codebase (Java + Spring Boot services, TypeScript + React frontend, and terraform for managing AWS infrastructure) and a strong enough security practitioner to find what others miss. We want someone who finds the vulnerability, opens the PR to fix it, and builds the systems that prevent the next one.

Responsibilities

• Own Adaptive's application security posture end-to-end. Define security standards for our products, infrastructure, and development process and make sure they're followed.

• Conduct security reviews and threat modeling for new features, integrations, and architecture changes. Our attack surface is growing as we add deeper customer integrations and expand internationally.

• Build security into CI/CD. Automate static analysis, dependency scanning, secrets detection, and container security so vulnerabilities are caught before they ship.

• Perform penetration testing against our own applications and infrastructure. Find the bugs before external researchers or attackers do.

• Drive vulnerability management across our application and infrastructure stack. Triage findings from automated tooling, pen tests, prioritize by risk, and push remediation to closure with engineering.

• Lead security incident response process for application-layer events. When something happens, you lead the investigation and remediation.

• Manage our approach to external security testing - bug bounty programs, third-party pen tests, and customer security assessments.

• Own AWS security across our entire cloud architecture — IAM hardening, misconfiguration detection, and building the controls that keep our posture clean as the environment grows.

Qualifications

• 5+ years of experience in application security, with demonstrated ability to find and exploit vulnerabilities in web applications and APIs (OWASP Top 10 and beyond).

• Strong software engineering skills. You can read, write, and ship production code in Java, TypeScript, or similar languages.

• Experience with cloud infrastructure security on AWS (IAM, VPC, ECS, S3, RDS, or equivalent services on other providers).

• Hands-on experience with security tooling in CI/CD pipelines - SAST, DAST, SCA, container scanning, or similar.

• Familiarity with compliance frameworks relevant to enterprise SaaS (SOC 2, HIPAA, GDPR) and the ability to translate compliance requirements into engineering work.

• High autonomy. You're building this function from scratch and are expected to set priorities and drive them.