Return to jobs
Seize the chance to shape system design and security posture in a team revolutionizing home improvement experiences at Thumbtack.
Overview
Salary
£154700 - £200200
Location
Remote, Ontario
Nomad Friendly?
Expires
Expires at anytime
Organisation Summary
Join Thumbtack, a leading platform used across the U.S. for easy, reliable home improvement that combines AI tools with a vast community of 300,000 local service businesses. Your contributions will directly impact how millions of people care and improve their homes.
Role Summary
- Lead and deliver application security work for defined projects or domains.
- Collaborate with engineering teams to identify and mitigate application security risks.
- Enable secure systems design and operation by integrating security directly into architectures, tooling, and infrastructure.
- Support cloud infrastructure security by integrating security controls into CI/CD pipelines, IAM, networking, and runtime environments.
- Participate in security incident response and post-incident analysis.
Role Requirements
- 4+ years of experience in software engineering, application security, or cloud infrastructure security.
- Practical experience with application security techniques and cloud-native systems security for AWS and/or GCP.
- Clear written and verbal communication skills with the ability to explain security issues effectively.
- Strong sense of ownership on assignments and adept at independent execution and follow through.
- Growth mindset with an interest in learning and developing deep security expertise.
Application Process Details
- Thumbtack uses AI tools for initial resume screening.
- Human expertise and judgement guide the finals hiring decisions.
- If you require any reasonable accommodation for a medical condition or disability during the application process, please contact recruitingops@thumbtack.com
Thumbtack helps millions of people confidently care for their homes.
Thumbtack is the one app you need to take care of and improve your home — from personalized guidance to AI tools and a best-in-class hiring experience. Every day in every county of the U.S., people turn to Thumbtack to complete urgent repairs, seasonal maintenance and bigger improvements. We help homeowners know which projects to do, when to do them and who to hire from our growing community of 300,000 local service businesses. If making an impact inspires you, join us. Imagine what we’ll build together.
About the Cybersecurity team
The Security Engineering team at Thumbtack is focused on enabling innovation at scale by making the secure path the easiest path. We believe strong security is not a blocker to velocity, but a force multiplier when it is designed into systems, platforms, and developer workflows from the start.
We partner closely with Product, Engineering, Platform, and Data teams to shape system design, guide architectural decisions, and evolve Thumbtack’s security posture as the company scales. Through collaboration, automation, and thoughtful tradeoffs, we help ensure Thumbtack can ship fast, innovate boldly, and maintain customer trust.
Challenge
As Thumbtack scales and increasingly incorporates AI-powered features into our products and internal systems, security must evolve without slowing innovation. The number of services, deployment patterns, and data flows continues to grow, and traditional approaches that rely heavily on manual reviews or after-the-fact controls do not scale to meet this need.
Instead, the challenge is to design security into the system itself. This means building secure defaults, paved paths, and reusable building blocks that product and engineering teams can adopt with minimal friction. By embedding security directly into architectures, tooling, and infrastructure, we reduce cognitive load on engineers and enable teams to move quickly and confidently while meaningfully lowering risk.
What you'll do
- Own and deliver application security work within defined projects or domains. Contribute to cross-functional security initiatives, executing clearly scoped pieces of larger efforts.
- Identify, prioritize, and help remediate application security risks in partnership with engineering teams.
- Apply secure-by-default patterns and approved architectures when designing or reviewing systems.
- Support cloud infrastructure security by integrating security controls into CI/CD pipelines, IAM, networking, and runtime environments.
- Partner with product and engineering teams to assess risk and recommend practical, risk-informed security improvements. Participate in application security design reviews and threat modeling for new and existing systems.
- Write code, reviews, and documentation to address vulnerabilities and reduce recurring classes of issues.
- Participate in security incident response and contribute to post-incident analysis and remediation.
In order to be successful, you must bring
- 4+ years of experience in software engineering, application security, or cloud infrastructure security.
- Practical experience with application security techniques such as threat modeling, secure design patterns, authentication and authorization, secrets management, and vulnerability remediation. Strong understanding of secure coding practices and common application security risks (e.g., OWASP Top 10).
- Experience securing cloud-native systems in AWS and/or GCP.
- Ability to assess security risks and break down complex problems, reason about tradeoffs, make sound recommendations, and deliver practical, impactful solutions with guidance when needed.
- Strong sense of ownership over assigned work, with the ability to execute independently and follow through.
- Clear written and verbal communication skills, including the ability to explain security issues to engineers with varying levels of security expertise.
- A growth mindset and interest in learning from more senior engineers and expanding depth in both application and cloud infrastructure security over time.
Expected salary ranges
- For candidates living in Ontario and British Columbia, the expected salary range for the role is currently $154,700.00 - $200,200.00.
Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Note: Thumbtack uses AI tools to support our resume screening process. However, our Recruiting team’s expertise and judgment guide hiring decisions.
#LI-Remote
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact: [email removed - click apply for more details].
If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack’s Privacy policy available at https://www.thumbtack.com/privacy/.
We put as much craftsmanship into candidate safety as we do into the hiring experience itself. While scammers may try to impersonate our team, we’ll never ask you for money, banking info, or SSNs during hiring. Check out our blueprint on how to spot the fakes.
