Staff Application Security Engineer

Lead Application Security Elements: Own the execution and technical oversight of application security components, ensuring robust security controls are integrated throughout the development process. Secrets Management Leadership: Lead and manage the enterprise secrets management program, defining technical standards and implementing solutions to protect sensitive credentials across all environments. Offensive Security Collaboration: Partner closely with the Offensive Security Engineer on complex projects to proactively identify, validate, and remediate deep-seated application vulnerabilities. Incident Response & Forensic Support: Provide deep technical expertise and hands-on assistance during security events or investigations, helping to identify root causes and mitigate impact. Vulnerability Management & Triage: Work directly with Engineering teams to triage, prioritize, and communicate vulnerability findings from multiple internal and external sources. Secure SDLC & Threat Modeling: Proactively engage with development teams early in the SDLC to conduct threat modeling exercises and provide expert consultation on secure architecture. Mentorship and Advocacy: Act as a security champion and trusted advisor, elevating security knowledge across the organization through training and the development of secure coding guidelines. Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience with 10+ years of professional experience. Application Security Expertise: 8+ years of hands-on experience in application security, including secure code review, threat modeling, and managing AppSec tooling. Secrets Management Proficiency: Proven experience implementing and managing enterprise-grade secrets management solutions at scale. Technical Remediation: Expert-level knowledge of OWASP Top 10 and advanced vulnerability classes, with a demonstrated ability to architect and implement scalable remediation solutions. Scripting & Automation: Proficiency in languages such as Python, Go, or Bash to automate security workflows and build custom security tooling. Influence & Communication: Exceptional communication skills with the ability to influence technical and non-technical stakeholders across multiple global offices. Mentorship: A proven history of mentoring senior-level engineers and a passion for elevating the skills of those around you. Certifications: Professional certifications such as CSSLP, CASE, GWEB, or equivalent. Cloud Operations: Expertise in AWS or GCP security operations, specifically relating to serverless and containerized application security. DevSecOps: Experience in a Security Development Lifecycle (SDL) environment and a history of implementing DevSecOps principles. Community Engagement: Published security research, conference presentations, or active contributions to the open-source security community