Posted: 2 months ago | Platform:
Work from Office
Full Time
Key Responsibilities:

As a Staff Engineer - Application Security, you will play a pivotal role in safeguarding our applications, ensuring they are secure by design. You will collaborate with cross-functional teams, including Engineering, DevOps, and Product, to identify potential vulnerabilities, define security best practices, and implement robust security measures.

- Lead the design and implementation of application security architecture across our SaaS platforms.
- Conduct security assessments, threat modelling, and code reviews to identify and mitigate vulnerabilities.
- Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes.
- Collaborate with Engineering and Platform teams to integrate security best practices into the CI/CD pipeline.
- Perform penetration testing, security audits, and vulnerability assessments.
- Develop and maintain secure coding standards, guidelines, and training programs for engineering teams.
- Implement and manage security tools such as SAST, DAST, and other security automation solutions.
- Stay up to date with emerging security threats, technologies, and industry best practices.
- Respond to security incidents and work with incident response teams to investigate and remediate issues.
- Mentor and guide junior security engineers, fostering a culture of security awareness and continuous improvement.
- Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners.
- Develop and manage a secure software development lifecycle.
- Research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities.

Qualifications:

- Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
- 8+ years of experience in Application Security, including secure software development and architecture.
- Strong knowledge of secure coding practices, OWASP Top 10, and common application vulnerabilities.
- Hands-on experience with security tools such as Snyk, SonarCloud, Burp Suite, Nessus, and others.
- Threat detection and incident response: familiar with security incidents, ability to develop proactive strategies to mitigate risks through close collaboration with teams.
- Familiarity with cloud security principles, preferably in AWS environments.
- Experience with CI/CD pipelines and integrating security into DevOps workflows (DevSecOps).
- Strong scripting and automation skills (e.g., Python, Bash, or similar).
- Excellent problem-solving skills and the ability to think like an attacker.
- Relevant certifications such as CISSP, OSCP, CEH, or similar are highly desirable.
- Relevant work experience in offensive security, penetration testing or red teaming.

Preferred Experience:

- Experience securing SaaS applications built with Java Spring and React.
- Familiarity with container security in Kubernetes (EKS) environments.
- Knowledge of compliance standards such as GDPR, SOC 2, or ISO 27001.
- Exposure to monitoring and alerting tools like New Relic, Datadog, or similar.