ServiceTitan
Senior Application Security Engineer
Remote Application Security role with a clear candidate location fit.
Published: 3 Jul 2026
Eligible countries: 1 country accepted
Seniority signal: Senior
Work model: Remote
Accepted candidate locations
United States
Role summary
Senior Application Security Engineer
Requirements and responsibilities
Role content extracted into sections for faster review.
Build the Secure Paved Road (Pipeline and Code)
- Pipeline Automation: Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention.
- Secure by Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls.
- Secrets and Supply Chain: Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API.
- Secure SDLC Practices: Drive cross-functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization.
Continuous Security Testing and Validation
- Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services.
- Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs.
- Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA.
- Simulation and Validation: Run proactive simulations based on emerging threats to validate defenses and identify gaps.
Architecture and Threat Modeling
- Security Design Reviews: Lead security design reviews and threat modeling for new and existing services.
- Secure Architecture: Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack.
- Emerging Threat Analysis: Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations.
Operational Support and Engineering Partnership
- Technical Leadership: Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices.
- Contextual Training: Implement just-in-time training mechanisms that help engineers remediate vulnerabilities as they are introduced.
- Triage to Automate: Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues.
- Incident Response: Participate in security incident response and support post-incident analysis and remediation efforts.
Continuous Improvement and Expertise
- Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization’s security posture.
What you’ll bring:
- Experience: 7-10+ years of experience in Product/Application Security, with a strong background in software engineering.
- Coding Expertise: Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them.
- Modern AppSec: Experience moving security "left" using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors.
- Automation Mindset: Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.
- AI Forward: Interest in the intersection of AI and Security, specifically in securing AI workloads, leveraging AI capabilities to embed security throughout the SDLC, and using AI agents for defense.
What We Offer:
- Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
- Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
- Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on-demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.