At Branch, we’re transforming how brands and users interact across digital platforms. Our mobile marketing and deep linking solutions are trusted to deliver seamless experiences that increase ROI, decrease wasted spend, and eliminate siloed attribution. Our Branch team consists of smart, humble, and collaborative people who value ownership over all. Everything we do is centered around creating a great product, team, and company that lives and breathes our motto: Build Together, Grow Together, Win Together.

We are seeking an experienced, Senior Application Security Engineer reporting directly to the Head of Security. The ideal candidate will bring a combination of strong technical skills, experience with application security, and ability to collaborate with the Engineering team. This position will have a significant impact on maturing our SDLC and implementing security best practices. This important role will help develop and implement the security champions program within our Engineering organization and drive security maturity across the organization.

As a Senior Application Security Engineer, you’ll get to:

Work with the engineering team to assess current secure SDLC processes and make recommendations on security best practices.
Collaborate with the security team on developing and implementing the Security Champions program.
Demonstrate subject matter expertise in AppSec, DAST, SAST, SCA/SBOM, OWASP Top 10, API Security and other relevant areas.
Identify tools for code scanning and work with Engineers on procedures for code testing.
Respond to vulnerabilities from our bug bounty program and drive remediation with Engineering teams.
Work with Engineering and Product teams on identity and access management to systems and tools to ensure principle of least privilege.
Assist with the sales enablement process and participate on customer calls to address remediation efforts.
Participate in compliance efforts such as SOC2, ISO, and HIPAA/HITRUST audits.
Educate the Engineering team on secure coding practices and procedures.

You’ll be a good fit if you have:

At least 5+ years experience as a Security Engineer focusing on application security, infrastructure security, or security operations.
Bachelor's / master’s degree in computer science, Computer Engineering, (or equivalent experience).
Experience in the following domains: APIs Security, Vulnerability Scan, compliance and threat detection, OWASP Top 10 API Security, Web App Security, AppSec, SAST, DAST, and SCA (Software composition analysis).
Experience with different enterprise components to publish and use APIs (e.g., API Gateways, Microservices, Cloud Components).
Experience with Mobile application development and SDKs.
Experience with security testing for server-side SDKs.
Experience with API security testing, vulnerability scan and compliance reporting.
Experience with OWASP Top 10 for Web App & APIs.
Experience with OpenAPI, and other common formats for organizing and functionally testing REST APIs.
Excellent analytical, written, and verbal communication skills – capable of explaining complex requirements in simple words.
Comfortable with conflicts and capable of influencing cross-functional teams.
Any programming or integration experience in the past will be highly beneficial.

Nice to Haves:

Knowledge or experience with deep linking technologies.
Experience with regulatory and compliance frameworks such as NIST, SOC2, ISO, PCI, and HIPAA.

This role does not qualify for US visa support.

This role is required to be remote in North Carolina. This role is not eligible for remote work in any other location. Branch is not open to supporting relocation at this time.

This role requires working with healthcare clients and may necessitate additional background checks during employment. All background checks will be conducted in compliance with applicable state and federal laws. Any offer of employment (including continued employment) will be contingent upon your consent to such background checks and satisfactory verification of the same.

The salary range provided represents base compensation and does not include potential equity, which is available for qualifying positions. Branch offers a comprehensive benefits package, including medical, dental, 401(k), and other benefits, for qualified employees. For detailed information on the benefits specific to your position, please consult with your recruiter.

Branch is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

If you think you'd be a good fit for this role, we'd love for you to apply! At branch, we strive to create an inclusive culture that encourages people from all walks of life to bring their unique, diverse perspectives to work. We aim every day to build an environment that empowers us all to do the best work of our careers, and we can't wait to show you what we have to offer!

A little bit about us:

Branch is the leading provider of engagement and performance mobile SaaS solutions for growth-focused teams, trusted to maximize the value of their evolving digital strategies. The Branch platform provides a seamless experience across paid and organic, on all channels and platforms, online and offline, to eliminate friction and drive valuable action at the moments of highest intent. With Branch, businesses gain accurate mobile measurement and insights into user interactions, enabling them to drive conversions, engagement, and more intelligent marketing spend.

Branch is an award-winning employer headquartered in Palo Alto, CA. World-class brands like Instacart, Western Union, NBCUniversal, Zocdoc and Sephora acquire users, retain customers and drive more conversions with Branch.

Candidate Privacy Information:
For more information on the data that Branch will collect through your application, and how we use, share, delete, and retain that information as part of our recruitment and employment efforts, please see our HR Privacy Policy.

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Location (City)

Resume/CV *

Dropbox

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox

(File types: pdf, doc, docx, txt, rtf)

LinkedIn Profile

Website

Will you now or in the future require visa support in order to work for Branch? *

Have you ever worked at Branch as full time employee or contractor? *

How did you hear about this job? *

At Branch we value inclusivity, please share your pronouns so we can address you properly. The disclosure of personal pronouns will not impact the candidacy of an applicant. Participation is fully voluntary.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Branch Metrics’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Are you Hispanic/Latino?

Please identify your race

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Enter the verification code sent to to confirm you are not a robot, then submit your application.

Security Code *

This application was flagged as potential bot traffic. To resubmit your application, turn off any VPNs, clear the browser's cache and cookies, or try another browser. If you still can't submit it, contact our support team through the help center.