AppSec Engineer

Karbon | 🌍 Remote Worldwide | Estimated: $80,000 - $120,000

Company: Karbon
Location: Remote (US-based locations are subject to salary range disclosure)

About Karbon

Karbon is the global leader in AI-powered practice management software for accounting firms. Our award-winning cloud platform empowers tens of thousands of accounting professionals worldwide to work more efficiently and collaboratively. With customers in 40 countries, we are a globally distributed team recognized for our people-first culture, Great Place To Work® certification, and Fortune magazine's Best Small Workplaces™ List. We are well-funded, growing rapidly, and ranked #1 on G2.

Karbon's Engineering Standards

  • Balance Speed and Quality: Deliver reliable, maintainable, and well-tested solutions while making sound trade-offs between velocity and long-term sustainability.
  • Collaborate Effectively: Contribute constructively in design discussions, reviews, and planning; communicate clearly about progress and risks; support shared team outcomes in hybrid and distributed environments.
  • Build and Maintain Systems: Develop new capabilities while improving existing systems, focusing on scalable design, reducing technical debt, and ensuring operational stability.
  • Operate with Autonomy: Translate clear objectives into actionable technical approaches, proactively identify improvements, and expand technical expertise independently.
  • Ownership and Accountability: Take responsibility for the quality, performance, and customer impact of your work from design through post-release support.
  • AI-Enabled Engineering: Leverage AI tools and approaches as a force multiplier for productivity, problem-solving, and innovation, while maintaining strong technical fundamentals.
  • Contribute to Team Culture: Foster a culture of professionalism, transparency, low bureaucracy, and mutual respect.

About the Role

Karbon is seeking a development and cloud-focused AppSec Engineer to join our expanding security team. The ideal candidate is passionate about Application Security, Cloud, and AI, possesses strong communication and relationship-building skills, and can effectively promote and embed security practices across the organization and within our development processes. We view AI as a force multiplier and seek Security Engineers with strong network & security fundamentals, a drive for growth, and enthusiasm for AI's challenges and opportunities.

What You'll Own

  • Security Integration: Partner with various teams to embed security from feature design through development, participating in design reviews and threat modeling.
  • Balance Security and Delivery: Effectively communicate security risks to non-technical stakeholders, understanding when to push back, compromise, and collaborate for optimal outcomes.
  • Stay Current: Keep up-to-date with the latest technologies and approaches, including AI advancements, while maintaining foundational security practices (account hygiene, least privilege, attack surface reduction, MFA).
  • AI Risk Assessment: Identify and assess security risks introduced by AI tooling usage, integration, and AI-generated code.
  • AI-Assisted Tooling: Apply AI tools to accelerate security tasks such as triage, threat detection, code review, and documentation.
  • Cross-Domain Flexibility: Work across multiple security domains, from corporate IT security to cloud-hosted systems and detection rule tuning.
  • Team Collaboration: Build relationships and trust across the organization to enhance Karbon's security posture, answer questions, and offer advice.
  • Ownership: Take pride in your work, ensuring the security of customer data and following through on commitments.
  • Passion and Personality: Bring creativity, curiosity, and authenticity to strengthen the team.
  • Measure Improvement: Contribute to Security Metrics to track progress and inform the roadmap.

What Sets You Apart

  • 4+ years of experience in a security or development role, including:
      • Collaborating with teams on security reviews and embedding security practices.
      • Triaging issues, assisting teams with remediation, and testing fixes.
      • Working with external penetration testing companies.
      • Conducting risk and vulnerability assessments of web applications, APIs, and third-party suppliers.
      • Configuring and tuning SAST, SCA, and DAST tooling.
      • Integrating security tooling into build/deployment pipelines (e.g., GitHub Actions, Azure DevOps).
      • Implementing security-focused alerting, detections, and automations.
      • Conducting organizational and developer security training.
      • Assisting with operational security items (e.g., EDR alerts, MDM).
      • Contributing to the security roadmap.
  • Additional Skills:
      • Strong communication skills (spoken and written).
      • Proficiency in languages/frameworks like Microsoft .NET/C#, JavaScript (React, EmberJS), and Python.
      • Experience with at least one major cloud platform (Azure, AWS, GCP – Azure preferred).
      • Working knowledge of PowerShell, Bash, and Python.
      • Working knowledge of at least one AI development tool (e.g., Claude Code, GitHub Copilot).
      • Experience with Portswigger Burp Suite or similar.
  • Nice to have: Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud certifications.
  • Highly regarded: Experience with securing AI applications, systems, and tooling.

Why Work at Karbon?

  • Gain global experience across Australia, New Zealand, UK, and Canada.
  • Strong Benefits Package: Flexible Time Off (encouraged 4 weeks/year), company-paid medical for you and eligible dependents, paid dental and vision, 401(k) with company matching, Flexible Spending Account, up to 8 weeks paid parental leave, and a work-from-home stipend.
  • Work with and learn from an experienced, high-performing team.
  • Collaborative, team-oriented culture embracing diversity, development, and consistent feedback.
  • Be part of a fast-growing company with internal promotion opportunities.

Compensation

  • Estimated Base Salary Range: $131,000 - $169,000 USD
  • This range is an estimate and actual salary will vary based on factors such as location, experience, skills, education, and business needs. Total compensation may include base salary, potential bonus, equity, and benefits.

Diversity & Inclusion

Karbon embraces diversity and inclusion. We encourage applications from candidates whose experience doesn't perfectly align with every listed criterion. We recruit and reward based on capability and performance, without discrimination. If you require accommodations during the recruitment process, please contact people.support@karbonhq.com.

Agency referrals are not being accepted for this position.

Apply Now

This job is active but will expire soon. Click below to apply on the company's website.

Apply for this role ↗

Job Overview

Posted: 6/3/2026
Category: Fullstack Development
Source: JobsCollider

FAQ

Is this position remote?

The AppSec Engineer role is a hybrid opportunity. The location specified is Remote Worldwide.

What is the salary?

The salary is not explicitly stated, but is competitive and based on experience.

How do I apply?

You can apply by clicking the "Apply for this role" button above to submit your application on the hiring website.
