LAIKA is seeking an Application Security Engineer (AppSec) to join our Information Security team and play a vital role in protecting the creative and technical foundation of our studio. From the animation stages to the cloud, you’ll be designing and implementing robust security strategies that keep our content—and the technology that empowers it—safe, secure, and resilient.
In this role, you’ll partner with software engineers, site reliability engineers (SREs), and technology leaders to conduct in-depth assessments, penetration tests, and vulnerability analyses across a wide range of environments. Your work will directly support the protection of LAIKA’s proprietary tools and workflows, ensuring our stories reach the world untarnished.
Job FunctionsBuild & Strengthen Security:- Conduct security assessments and code audits to identify and mitigate vulnerabilities.
- Perform penetration testing across web applications, plugins, SaaS platforms, IoT devices, and networks.
- Analyze and test source code for security flaws and recommend mitigation strategies.
- Administer application security testing tools, including SAST, DAST, and IAST (static, dynamic, and interactive analysis).
- Develop solutions to drive remediation of security issues through product security tests, bug bounty programs, and vulnerability disclosure programs.
- Work alongside developers, technology leaders, and external partners to address security risks.
- Collaborate with internal teams to design and implement security best practices across the development lifecycle.
- Support security initiatives related to DevOps, SRE, and cloud security architectures.
- Research, evaluate, and recommend new security tools and methodologies to improve testing capabilities.
- Apply API security best practices and work with public cloud platforms (AWS, Azure, GCP).
- Utilize red teaming and vulnerability assessment tools (Metasploit, Kali, Nessus, Cobalt Strike, Acunetix).
- Manage knowledge repositories and CI/CD pipelines using GitHub, GitLab, Jenkins, Perforce, Jira, and Confluence.
- Stay ahead of emerging cybersecurity threats and continuously improve security testing methodologies.
- Develop comprehensive security reports and presentations for technical and executive audiences.
- 5+ years of experience in cybersecurity OR 7+ years in software engineering with a focus on security.
- Strong understanding of web application security, cloud security, and API security best practices.
- Hands-on experience with application penetration testing (required).
- Experience working in cross-functional teams, collaborating with engineers, SREs, and leadership.
- Proficiency in application development and scripting (Python preferred; Perl, Go, or Ruby a plus).
- Familiarity with public cloud security architectures (AWS, Azure, GCP).
- Expertise with security testing tools, including SAST, DAST, IAST, and vulnerability assessment platforms.
- Experience with CI/CD security best practices and DevSecOps methodologies.
- OSCP, GPEN, or GWAPT certifications or equivalent experience.
The physical demands and work environment characteristics described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
- Physical demands: While performing the duties of this job, the employee is required to walk; stand; sit; use hands to operate standard office equipment; reach with hands and arms; balance; stoop; talk or hear both in person and by telephone. The employee must lift and/or move up to 15 pounds. Vision abilities include close vision, distance vision, and the ability to adjust focus.
- Work environment: While performing the duties of this job, the employee works under typical office conditions and is exposed to variable indoor temperatures. The noise level is usually quiet or moderate.
On-site in Hillsboro, OR, and eligible for hybrid work.
SalarySalary is commensurate with skills and experience.
The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.
Please review our EMPLOYMENT DISCLAIMER and MATERIALS SUBMISSION AGREEMENT.
Similar Jobs
What We Do
LAIKA was founded in 2005 in Oregon and is guided by the vision of its President & CEO Travis Knight. Located just outside Portland, Oregon, LAIKA was awarded a Scientific and Technology Oscar® for its innovation in 3D printing in 2016. Its five films - Missing Link (2019); Kubo and the Two Strings (2016); The Boxtrolls (2014); ParaNorman (2012), and Coraline (2009) - were all nominated for Oscars® and PGA Awards as Outstanding Animated Film. Missing Link was the first LAIKA film to win the Golden Globe® for Best Animated Feature and was awarded two Visual Effects Society (VES) awards for Outstanding Visual Effects in an Animated Feature and Outstanding Animated Character, and received seven Annie Award nominations. Kubo received a second Oscar® nomination for Outstanding Visual Effects and won the BAFTA Award, as well as three Annie Awards, the National Board of Review's Best Animated Feature citation, and 19 regional and critics’ group awards. The Boxtrolls earned Critics’ Choice and Golden Globe Award nominations and 13 Annie Award nominations, more than any other film that year. ParaNorman garnered BAFTA, Critics’ Choice, and GLAAD Media Award nominations, won two Annie Awards, and was cited as the year’s best animated film by 14 critics’ groups. Coraline earned Golden Globe, BAFTA, and Critics’ Choice nominations and was named one of the year’s 10 Best Films by the American Film Institute (AFI). For more information, visit http://www.LAIKA.com.
