Senior Application Security Engineer

Title: Senior Application Security Engineer Location: Austin, TX / Dallas, TX / San Francisco Bay Area, CA / Morristown, NJ (hybrid) Reports To: Sr. Manager, Cybersecurity About Hippo Hippo exists to protect the joy of homeownership. We believe that insurance should protect the things you treasure through an intuitive, modern experience. We provide tailored insurance coverage and preventative maintenance plans that keep you protected throughout your homeowner journey. We’ll also help you find coverage for everything life brings—from auto to flood—reimagining how you care for your home. About the Role The Senior Application Security Engineer is a senior individual contributor responsible for driving application security outcomes across Hippo’s engineering organization. This role serves as a trusted subject matter expert in application security, providing deep technical guidance and influencing secure design decisions across multiple teams, products, and services. This position is application-security–first, with intentional overlap into cloud and platform security where application code, identity, CI/CD pipelines, and infrastructure intersect. While the role does not own infrastructure, security programs, or formal departmental priorities, it is accountable for identifying application-centric risks and guiding high-impact security decisions through expertise, partnership, and advisory influence. Operating with significant autonomy, the Senior Application Security Engineer independently owns complex and ambiguous security challenges end-to-end, ensuring outcomes align with business objectives and risk tolerance. This role emphasizes technical leadership, cross-functional collaboration, and mentorship rather than people management. About You You are a seasoned application security professional with deep technical expertise and strong judgment, trusted to guide complex security decisions in high-impact environments. You think adversarially, understand modern application architectures, and can clearly articulate risk tradeoffs to engineering, product, and security leadership. You are comfortable operating independently in ambiguous situations, influencing outcomes through credibility and collaboration rather than formal authority. You communicate clearly, mentor others naturally, and help elevate application security maturity across teams by embedding secure design principles into everyday engineering practices. What You'll Do: Serve as a senior subject matter expert in application security, providing authoritative guidance on secure design, authentication, identity flows, API security, and cloud-native application risks. Act as a trusted security advisor during architecture reviews, design discussions, and risk assessments across multiple teams and services. Identify, assess, and clearly communicate application-centric security risks across application code, CI/CD pipelines, identity systems, and cloud environments. Independently own and drive resolution of complex and ambiguous application security challenges with broad organizational impact. Apply threat modeling, attack-path analysis, and adversarial thinking to inform defensive improvements and strengthen application resilience. Contribute technically to broader security programs by shaping standards, best practices, secure patterns, and technical guidance. Support security incidents and targeted threat-hunting efforts by providing application security expertise, root-cause analysis, and remediation guidance. Design, improve, and help operationalize automated security tooling and pipelines (e.g., SAST, DAST, SCA, secrets detection). Mentor engineers and security partners across teams, acting as a force multiplier to improve secure design and decision-making at scale. Communicate risks, recommendations, and standards clearly to senior engineers and security leadership to influence technical direction. Must Haves: 6+ years of experience in application ... (truncated, view full listing at source)