Senior Application Security Engineer at Polygon Labs
Company: Polygon Labs
Location: USA - Remote
Type: FULL_TIME
Job Description
<h2>About Polygon Labs</h2><p style="min-height:1.5em">Polygon Labs is a global blockchain payments company building and operating infrastructure to move money instantly, reliably, and at internet scale, with the mission to move all money onchain. It is building the Polygon Open Money Stack, an open and integrated stack of services and technologies to instantly and reliably move money anywhere, and put it to work. Its infrastructure has facilitated trillions of dollars in onchain value transfer and supported millions of transactions daily for some of the globe's largest banks, fintechs, enterprises, and consumer applications.</p><h2><strong>Your Role</strong></h2><p style="min-height:1.5em">Polygon's Application Security team sits at the intersection of every product we ship. With a growing engineering org, an active bug bounty program fielding 30+ open submissions at any given time, and products going live across smart contracts, backend services, and infrastructure simultaneously, the team needs more depth: not a gatekeeper, but a builder. You will report directly to the Application Security Lead and work across every engineering team at every stage of development, from sprint planning to post-ship remediation.
Your job is to make security scale faster than the attack surface grows.</p><h2><strong>Your Responsibilities</strong></h2><ul style="min-height:1.5em"><li><p style="min-height:1.5em">Own end-to-end security reviews across smart contracts (Solidity), backend services (Go, TypeScript, Python), and frontend surfaces, producing written findings at the quality level of a top external audit firm, published and used as the internal standard</p></li><li><p style="min-height:1.5em">Build and ship an agentic security CI/CD pipeline: agent-driven review that runs autonomously against every PR and release candidate, reasons about changes in context, and gets smarter with each deployment</p></li><li><p style="min-height:1.5em">Design and maintain specialised AI-powered code reviewers tuned to specific vulnerability classes and surfaces: Solidity-aware, protocol-aware, and calibrated to the actual patterns Polygon's products surface</p></li><li><p style="min-height:1.5em">Triage and manage the bug bounty program: read incoming submissions daily, reproduce valid findings, separate signal from noise, assign severity, and route confirmed issues to engineering with enough context to fix them correctly, using custom AI workflows to maintain rigor at volume</p></li><li><p style="min-height:1.5em">Follow through on remediation: review proposed fixes, close out resolved findings, and push back where a fix addresses symptoms rather than root cause</p></li><li><p style="min-height:1.5em">Embed across engineering teams at all stages (sprint planning, design review, feature freeze, post-launch) as a working partner, not a sign-off function</p></li><li><p style="min-height:1.5em">Lead the team's AI secur