Staff Security Engineer, Application Security
NinjaTrader is a futures trading provider offering an integrated, multi-device trading platform for active traders. It provides tools, services, and support for both new and experienced traders to access global futures markets, including Micro E-mini futures.
Funding
Investors
Projects
About NinjaTrader
NinjaTrader delivers integrated multi-device trading using a cloud-based technology designed for active futures traders. They provide access to the world’s most popular futures markets, including E-mini indexes, with no deposit minimums, low margins, and low commissions. The platform is highly customizable, allowing users to integrate thousands of third-party add-ons or develop their own tools using a C# based framework. NinjaTrader is a futures trading provider that centralizes tools and services for both new and experienced traders, offering professional trading platforms for charting, free trading simulation, and comprehensive support resources.
Skills
About the Role
You'll help scale and mature the security program by owning key security domains and initiatives end-to-end, working closely with engineering to ensure systems are secure by design. This role is highly hands-on, with opportunities to drive meaningful impact through automation, secure design, and developer enablement. You'll operate with significant autonomy while partnering with senior engineers and security leadership to scale security across the organization.
Requirements
- 7+ years of experience in Application Security, Product Security, or Security Engineering
- Strong hands-on experience with threat modeling and secure design
- Experience with vulnerability management and application security tooling
- Experience working in cloud-native environments such as AWS and GCP
- Experience integrating security into CI/CD pipelines and developer workflows
- Ability to write code in Python, Go, or similar languages for automation and tooling
- Strong ability to work cross-functionally with engineering teams
- Experience scaling security in a high-growth or late-stage startup (bonus)
- Familiarity with AI-driven security workflows or automation (bonus)
- Background in API security, data protection, or multi-tenant systems (bonus)
- Experience with bug bounty programs and penetration testing (bonus)
- Security certifications such as CISSP (bonus)
Responsibilities
- Own key security domains such as vulnerability management, application security, API security, and supply chain security
- Drive improvements in security coverage, prioritization, and remediation workflows
- Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows
- Provide actionable, pragmatic guidance that helps teams ship securely
- Develop and improve security tooling and automation to reduce manual effort
- Implement and tune tools for SAST, SCA, DAST, dependency security, and container security
- Leverage AI/LLMs where appropriate to improve triage, detection, and review processes
- Triage and prioritize vulnerabilities using risk-based approaches
- Partner with teams to ensure timely remediation of critical issues
- Help define and improve SLAs, metrics, and reporting
- Conduct threat modeling, design reviews, and security assessments
- Contribute to incident response and postmortems for security events
- Identify and help remediate systemic risks
Benefits
- Annual target bonus of 12%
- 401K plan with company match up to 3.5%
- 23 days paid time off per year, accruing
- Seven paid holidays
- 20 additional flex remote days annually
- 5 Company Wide Office-Optional weeks tied to major holidays
- 1 Service Day Annually
- Paid Parental Bonding Leave
- Health, Vision, Dental Coverage
- Life and Disability Insurance Covered 100% by NinjaTrader
