AppSec Engineer

About Karbon

Karbon is the global leader in AI‑powered practice management software for accounting firms. We provide an award‑winning cloud platform that helps tens of thousands of accounting professionals work more efficiently and collaboratively every day. With customers in 40 countries, we have grown into a globally distributed team across the US, Australia, New Zealand, Canada, the United Kingdom, and the Philippines. We are well‑funded, ranked #1 on G2, growing rapidly, and have a people‑first culture that is recognized with Great Place To Work® certification and on Fortune magazine’s Best Small Workplaces™ List.

• Balance Speed and Quality – Engineers are expected to balance delivery speed with a strong commitment to quality, meeting agreed timelines while producing reliable, maintainable, and well‑tested solutions.
• Collaborate Effectively – Engineering is collaborative by default. Team members are expected to contribute constructively in design discussions, reviews, and planning, communicate clearly about progress and risks, and support shared team outcomes in both hybrid and distributed environments.
• Build and Maintain Systems – Engineers are responsible for building new capabilities while maintaining and improving existing systems. This includes designing scalable solutions, reducing technical debt, supporting operational stability, and contributing to continuous improvement.
• Operate with Autonomy – A high degree of autonomy is expected. Given clear objectives, engineers should independently translate problems into actionable technical approaches, proactively identify improvements, and continuously expand relevant technical expertise.
• Ownership and Accountability – Ownership is fundamental. Engineers are accountable for the quality, performance, and customer impact of their work from design through post‑release support, and are expected to follow through on commitments.
• AI‑Enabled Engineering – AI is reshaping how software is built, and we are committed to leveraging it as a force multiplier. Engineers are expected to confidently apply strong technical fundamentals while embracing AI tools and approaches to enhance productivity, problem‑solving, and innovation.
• Contribute to Team Culture – Engineers contribute positively to a culture of professionalism, transparency, low bureaucracy, and mutual respect, strengthening team performance through authenticity, curiosity, and collaboration.

Seeking a development & cloud focused App Sec Engineer to join our expanding security team. The ideal candidate will have a passion for App Sec, Cloud and AI. They will be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes.

AI is reshaping practices across the board and at Karbon we’re fully committed. We don’t see AI as a replacement but as a force multiplier. We’re looking for Security Engineers who are confident in network & security fundamentals, driven to grow, and excited by the challenges and opportunities AI brings.

• Partner with different areas within Karbon – Ensuring security is embedded from the start from feature design and development to participating in design reviews and threat modelling.
• Balance Security and Delivery – Communicate security risks and issues to non‑technical stakeholders, understand when to push back or compromise, and work with delivery teams to reach a great outcome.
• Keep up to date on the latest technologies and approaches – Excited by new developments such as AI, with an understanding of foundational practices such as good account hygiene, least privilege, attack surface reduction, and MFA.
• Identify and assess security risks introduced by AI tools – Assist with reviewing the risks of AI tooling usage & integration and AI‑generated code.
• Apply AI‑assisted tooling to accelerate security work – Utilize AI across triage, threat detection, code review, and documentation.
• Flexibility and confidence to work across multiple security domains – Exposure to various security domains, from IT security processes to cloud systems…