Senior Application Security Engineer (AI & Vulnerability)

Details

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, and countless opportunities to experiment and master your craft in a hyper-growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best.
• Lead and own ongoing operation and maintenance of Samsara’s vulnerability management program, ensuring consistent execution of processes.
• Assist in managing vulnerability scanning tools and help refine detection capabilities to improve accuracy and reduce false positives.
• Work closely with the Vulnerability Technical Program Manager to generate and distribute monthly and quarterly compliance reports.
• Collaborate with engineering teams to track and support the remediation of identified vulnerabilities, providing guidance on best practices.
• Assist in analyzing and triaging vulnerabilities, escalating critical issues to senior security engineers or Security Operations as needed.
• Participate in security incident investigations related to high-profile vulnerabilities, helping gather data and assess potential impact on Samsara infrastructure.
• Contribute to documentation and process improvements to streamline vulnerability management workflows.
• Champion Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) in daily work.
• Be regularly on call to support
• 6+ years of relevant experience with demonstrated impact for security engineering and vulnerability management in an enterprise environment.
• Significant experience with vulnerability management tooling, in particular modern toolsets such as Wiz, or Semgrep.
• Deep subject matter expertise with security engineering best practices for subjects such as CVSS, EPSS.
• Strong familiarity with common security vulnerabilities and the ability to judge their severity and impact on the business.
• Excellent development background with experience in Python or GoLang.
• Strong DevOps, DevSecOps, or SRE background with experience in AWS cloud services, and Terraform
• Experience using security automation platforms such as Tines and serverless frameworks such as AWS Lambda.
• Deep understanding of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), or Software Composition Analysis (SCA)
• Practical experience managing vulnerabilities within a FedRAMP-certified environment.
• Experience integrating vulnerability management into modern CI/CD pipelines with a “shift-left” mentality.