Senior Application Security Engineer (GraphQL Focus)

Amplitude
vision insurance, parental leave, paid holidays, flex time
United States, California, San Francisco
201 3rd Street
Jun 26, 2025

Amplitude is the leading digital analytics platform that helps companies unlock the power of their products. Over 4,000 customers, including Atlassian, NBCUniversal, Under Armour, Shopify, and Jersey Mike's, rely on Amplitude to gain self-service visibility into the entire customer journey. Amplitude guides companies every step of the way as they capture data they can trust, uncover clear insights about customer behavior, and take faster action. When teams understand how people are using their products, they can deliver better product experiences that drive growth. Amplitude is the best-in-class analytics solution for product, data, and marketing teams, ranked #1 in multiple categories in G2's Spring 2025 Report. Learn how to optimize your digital products and business at amplitude.com.

As an organization, we approach challenges with humility, take ownership of our contributions, and embrace a growth mindset that pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.

Amplitude's Commitment to Diversity Equity & Inclusion (DEI): Amplitude believes that diversity enables the creation of better products, improves the ability to solve complex problems, and drives more powerful solutions. We strive to create an environment of inclusion (one focused on psychological safety, empathy, and human connection) that will allow employees of all backgrounds to thrive.

We're looking for a Senior Application Security Engineer who thrives at the intersection of software engineering and security. You'll play a pivotal role in proactively building security into our development lifecycle; designing guardrails, blocking insecure patterns, and ensuring the foundations of our platform are secure by default. This role is ideal for a technical engineer who has experience shipping code, understands how modern development works (especially GraphQL), and wants to make prevention (not patching) the default.

You won't just file Jira tickets and walk away; you'll partner closely with engineers to fix issues, improve tooling, and make it easier to do the secure thing.

Key Responsibilities:



  • Define and enforce security guardrails by building golden paths and secure frameworks that developers can follow with confidence
  • Block insecure code paths in CI/CD using tools like GitHub Actions, Argo Workflows, and Kubernetes admission controllers
  • Leverage AI/ML tools to automate code review, alert triage, log analysis, and threat detection for application-layer risks
  • Build and deploy rules and other security checks that break the build when critical vulnerabilities are introduced
  • Partner with teams to implement fixes for security issues, not just report them; security ownership doesn't end at filing the ticket
  • Define and enforce best practices for GraphQL schema design, including access control, rate limiting, schema hardening, and versioning
  • Lead security design and code reviews, threat modeling exercises, and security validation in critical product areas
  • Analyze past vulnerabilities and incidents to eliminate root causes and reduce recurring issues
  • Contribute to and evolve internal tooling and frameworks to make secure development frictionless and fast
  • Participate in an on-call rotation for urgent security issues and incident response



What We're Looking For:



  • 4+ years of experience in application security engineering or software development roles with secure software design as a focus
  • Proficient in at least one backend language (TypeScript, Python, or Java)
  • Experience in GraphQL API security
  • Experience defining and enforcing security controls in CI/CD pipelines and Kubernetes-based environments

  • Deep understanding of authentication/authorization patterns (OAuth2, JWT, resolver-level controls) and API security best practices
  • Demonstrated ability to implement and operationalize security guardrails, not just suggest them
  • Comfort working cross-functionally with engineering, platform, and product teams to balance security, usability, and speed
  • Experience using or integrating AI-powered tools for tasks like alert triage, code scanning, and detection automation is a strong plus
  • A bias toward action; you're willing to roll up your sleeves and fix issues directly when it makes sense


Who We Are

The Company: Amplitude is filled with humble, life-long learners who are eager to help one another and the company succeed. Our values of growth mindset, ownership, and humility are core to the way we work: we're tenacious in the face of challenges, we take the initiative to solve problems that drive our shared success, and we operate from a place of empathy and openness, seeking to understand many points of view.

The Product: Amplitude is a digital analytics platform. We help companies capture data they can trust, uncover clear insights about customer behavior, and take faster action. This empowers teams to build better product experiences that drive business growth. We're super proud of what we've built and continue to expand: a platform that empowers companies to thrive in the digital era.

We care about the well-being of our team: We offer competitive pay and benefits packages that reflect our commitment to the health and well-being of our Ampliteers.

Some of our benefit programs include:



  • Excellent medical, dental and vision insurance coverages, with 100% employer-paid premiums for employee medical, dental, vision on select plans
  • Flexible time off, paid holidays, and more
  • Generous stipends to spend on what matters most to you, whether that's wellness (monthly), commuter transit/parking (monthly), learning and development (quarterly), home office equipment (annual), and much more
  • Excellent Parental benefits including: 12-20 weeks of Paid Parental Leave, Carrot Fertility Benefits/Adoption/Surrogacy support, Back-up Child Care support
  • Mental health and wellness benefits including no cost employee access to Modern Health coaching & therapy Sessions and high quality physician office experience via One Medical membership (select U.S. locations only)
  • Employee Stock Purchase Program (ESPP)


Other fun facts about Amplitude:



  • We were recognized in the Newsweek Excellence Index 2024.
  • Our customers love us! They've said we're the #1 product analytics solution for 15 quarters in a row on G2.
  • We're focused on growth. Check us out in Deloitte's 2023 Technology Fast 500.
  • We care A LOT about product innovation. Fast Company called us the #3 most innovative enterprise company in the world.
  • We invest in our people. We offer mentorship programs, management training, and wellness initiatives.
  • We give back to our communities. We give every Ampliteer a charitable giving grant and paid volunteer time off.
  • We were founded in 2012, went public via a direct listing in September 2021, and are now trading under the ticker $AMPL.
  • We're a global and fast-growing team! We have employees around the world and offices in San Francisco (HQ), New York, Vancouver, Amsterdam, London, Paris, Singapore, and Tokyo.
  • Our mascot is the datamonster, who loves to chow down on numbers, charts, and graphs. Nom nom.


Amplitude provides equal employment opportunities (EEO). All applicants are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.

This role is eligible for equity, benefits and other forms of compensation.

Based on legislation in California, the following details are for individuals who will work for Amplitude in the San Francisco Bay Area of California. Salary range: $161,000 - $266,000 total target cash (inclusive of bonus or commission) plus equity.

#LI-JJ1

#LI-Hybrid

"Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records."

By applying for this job, you acknowledge that Amplitude processes your personal data in accordance with the Amplitude Applicant Privacy Notice.

Staying Safe - Protect Yourself From Recruitment Fraud
We are aware of individuals and entities fraudulently representing themselves as Amplitude recruiters and/or hiring managers. Amplitude will never ask for financial information or payment, or for personal information such as bank account number or social security number during the job application or interview process. Any emails from the Amplitude recruiting team will come from an @amplitude.com email address. You can learn more about how to protect yourself from these types of fraud by referring to this article. Please exercise caution and cease communications if something feels suspicious about your interactions.