SentinelOne is a pioneering company at the intersection of AI and security, dedicated to protecting global enterprises and critical infrastructure. As a Sr. Staff Back-End AppSec Engineer, you will lead customer engagements, validate findings from code scanning, and mentor other engineers while enhancing the company's security methodologies.
Responsibilities:
- Lead Wayfinder Frontier AI Services customer engagements end-to-end, scope the work, deliver the technical findings, and present results to executive and technical stakeholders
- Review and triage findings from our agentic code scanning pipeline against customer Python and JS codebases. Validate true positives, eliminate noise, and ensure every finding that reaches the customer is a decision they can act on
- Conduct deep code review across Python and Node.js code and common frameworks
- Present findings to stakeholders, translate technical risk into business impact, and map exposures into end-to-end exploitation chains
- Author and maintain SAST rule packs that scale across the customer base, and partner with our AI/ML engineers to improve our agentic scanning engine
- Provide expert remediation guidance to customer development teams and validate fixes through follow-up review
- Work closely with our engineering teams to enhance our agentic code scanning pipeline, and reduce false positives
- Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape the service line's methodology, engagement playbooks, and scoping templates
Requirements:
- 7+ years in application security or product security with a strong software development background
- Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential
- Experience delivering customer-facing or consulting-style engagements end-to-end, comfortable in a distributed remote organization
- Expert-level knowledge of the Python backend stack (Django, Flask, FastAPI)
- Expert-level knowledge of Node.js / TypeScript (Express, NestJS)
- Working knowledge of a front-end framework (React, Next.js, or Angular) and the ability to follow how auth, CSRF, and data move between the client and the API
- Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals)
- Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings produced by automated and agentic analysis pipelines
- Working knowledge of Python and JS packaging and dependency-resolution behaviors (pip/Poetry/uv; npm/pnpm/yarn) and the supply-chain failure modes specific to each
- Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement
- Experience with AI-accelerated development and code-scanning methodologies