Application Security, Lead

Remote /
Security /
Full Time
/ Remote
TerraTrue aims to bring “privacy by design” to businesses at scale. Founded in 2018 by early Snap executives, Jad Boutros and Chris Handman, it’s the first privacy platform designed to work seamlessly in concert with product development in real time.

TerraTrue is designed and developed by an innovative team of technology executives, security and privacy veterans and top-tier engineers. Drawing from previous firsthand frustrations, their solutions enable companies to easily comply with regulatory requirements, especially during the rapid scaling phase.

Since its debut, TerraTrue has quickly gained adoption by enabling product and development teams to easily adhere to increasing robust data privacy regulations — including GDPR in Europe and CCPA in California, both of which seek to address rising data security expectations from customers. The solution is proactive rather than reactive and allows partners to focus on what they do best: Innovating with peace of mind knowing that their users are protected.

THE OPPORTUNITY: Application Security, Lead

At TerraTrue, we are security minded executives and developers and care deeply about security; we work hard to implement defenses in depth and leverage cloud technologies that are safe, resilient, and architecturally sound. We are SOC-2 Type II certified, conduct annual external audits, and constantly improve security below the visible surface. We primarily run on Google Cloud and leverage a multitude of technologies including serverless compute, Kubernetes, relational and non-relational databases, secrets management and more. Our web-applications are written in Java for backends, and React/Node.js for frontends. 

We are looking for a hands-on seasoned lead application security engineer with the passion and expertise to keep our products safe and resilient. As TerraTrue's product offering continues to grow, we are increasingly connecting to sensitive customer systems and data across more technologies and cloud providers, and are constantly looking for ways to improve our security posture accordingly. Initially, you'll directly contribute to all facets of our application security posture, including conducting in-depth assessments and developing defenses. Over time, we expect to grow the team where you'll provide increased leadership and mentorship as well. 


    • Assess application security gaps and outline sound and measured improvement plans
    • Leverage tools (e.g. static code analysis) to build stronger automation for security
    • Provide hands-on, technical guidance and direct support for remediation of identified risks or vulnerabilities
    • Maintain and improve product authentication and authorization services
    • In collaboration with Corporate Security, set-up and support a bug bounty program to provide security researchers controlled access to TerraTrue's product offering


    • BS degree in Computer Science, similar technical field of study, or equivalent experience
    • Five years of experience conducting in-depth security design and implementation reviews for web or mobile applications
    • Proven ability to develop in Java (or similar language) for production-facing applications
    • Experience with cloud computing platforms such as AWS, Google Cloud Platform or Azure
    • Experience working collaboratively with engineersStrong verbal and written communication skills
Bonus points if you have...

Solid computer security fundamentals including applied crypto, protocols and authentication/authorization
Familiarity with containment (sandboxing) solutions at the network and system levels
Willingness and know-how to mentor newer colleagues
Experience setting up and managing bug bounty programs

At TerraTrue, we want a vibrant workplace teeming with diverse views, experiences, perspectives, and pretty much all that defines us as uniquely human. That’s why, from the get-go, we’ve been committed to being an equal opportunity employer that provides employment opportunities to all, regardless of race, religion, color, ancestry, religion, sex, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires an accommodation, just let us know by emailing