Job Specifications
Anticipate attacks, outsmart threats and safeguard innovation.
Gallup is seeking a senior application cybersecurity engineer who thrives at the intersection of engineering and security. You'll partner with development teams to build secure by design applications, lead threat modeling efforts and strengthen our AWS cloud environments. This role offers the autonomy to innovate, the responsibility to safeguard critical systems and the opportunity to leave a lasting impact on how security scales across Gallup.
What You'll Do
Review and advise on secure design for web applications, APIs, CI/CD pipelines and AWS services
Lead and facilitate threat modeling (e.g., STRIDE, attack trees) to proactively identify risks
Partner with development teams to embed secure coding, conduct reviews and integrate security controls into pipelines
Perform and interpret application security testing, such as SAST, SCA, DAST, mobile, web and API penetration
Manage cloud security posture (CSPM) across AWS environments
Build and monitor AppSec-specific logs, alerts and dashboards
Develop tools, processes and playbooks that make secure by design scalable
Respond to urgent security incidents and coordinate with legal, security and engineering teams
Share knowledge and foster security awareness across engineering teams
What Makes You Stand Out
Clear communication: You turn complex risks into clear, actionable guidance.
Self-starter mindset: You thrive working independently while knowing when to pull in others.
Impactful speed: You move quickly without cutting corners, ensuring durable results.
Adaptive focus: You stay effective across shifting priorities and varied demands.
Calm under pressure: In urgent incidents, you bring clarity and steadiness.
Persistence and precision: You solve tough security challenges with practical, scalable solutions.
What You Need
Bachelor's degree in cybersecurity, information assurance, computer science or a related field required
At least five years of experience in enterprise application security engineering required
Hands-on experience with threat modeling, secure web/API design and penetration testing required
Proficiency with SAST, SCA, code reviews and DevSecOps pipelines required
Strong programming or scripting skills in at least one language (e.g., Python, JavaScript, C#, Java) required
Familiarity with AWS security best practices and Splunk preferred
Certifications such as OSWE, OSCP, GWAPT and GXPN preferred
A commitment to working on-site at Gallup's San Francisco office at least three days a week required
About Gallup
At Gallup, we change the world, one client at a time, through extraordinary analytics and advice on everything important facing humankind.
Gallup offers a robust benefits package that includes medical, dental, vision, life and other insurance options; a fully vested 401(k) retirement savings plan with company matching; an employee stock ownership program; mass transit reimbursement; family-building benefits; an employee assistance program; and various reimbursements and activities that enhance our associates' wellbeing. We also offer an estimated annual salary range of $150,000-$200,000 for this role. Salaries are based on a variety of factors, including an individual's education, experience and skills.
Gallup is an equal opportunity employer. We consider all qualified applicants without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender identity, or any other legally protected basis, in accordance with applicable law.
To review Gallup's Privacy Statement, please click this link: https://www.gallup.com/privacy. This privacy policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage and delete your information. Your application and the information you provide will be processed and stored in the United States.