ServiceTitan is transforming product security into a core part of how engineering delivers software. They are seeking a Senior Application Security Engineer to define and scale secure software development practices, automate vulnerability detection, and drive a shift toward secure development across the organization.
Responsibilities:

Build the Secure Paved Road (Pipeline and Code):
- Pipeline Automation: Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention
- Secure by Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls
- Secrets and Supply Chain: Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API
- Secure SDLC Practices: Drive cross-functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization

Continuous Security Testing and Validation:
- Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services
- Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs
- Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA
- Simulation and Validation: Run proactive simulations based on emerging threats to validate defenses and identify gaps

Architecture and Threat Modeling:
- Security Design Reviews: Lead security design reviews and threat modeling for new and existing services
- Secure Architecture: Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack
- Emerging Threat Analysis: Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations

Operational Support and Engineering Partnership:
- Technical Leadership: Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices
- Contextual Training: Implement just-in-time training mechanisms that help engineers remediate vulnerabilities as they are introduced
- Triage to Automate: Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues
- Incident Response: Participate in security incident response and support post-incident analysis and remediation efforts

Continuous Improvement and Expertise:
- Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization's security posture
Requirements:
- 5+ years of experience in Product/Application Security, with a strong background in software engineering
- Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them
- Experience moving security 'left' using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors
- Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually
- Interest in the intersection of AI and Security, specifically in securing AI workloads, leveraging AI capabilities to embed security throughout the SDLC, and using AI agents for defense