Senior Application Security Engineer
Ready to be a Titan?
ServiceTitan is seeking an exceptional Senior Application Security Engineer to join one of the fastest-growing tech startups in Southern California, backed by the best VC firms in the SaaS space. This individual plays a critical role, working closely with the business and across the Engineering organization to secure our development lifecycle through the adoption of security best practices. The ideal candidate has several years of development experience building systems and applications and has since moved into application security.
What You'll Do:
- Security Excellence: Conduct thorough security reviews of software designs, collaborating with software engineers to ensure top-notch quality and robustness in our products.
- Vulnerability Management: Validate and address findings from static and dynamic analysis tools, ensuring a secure software environment.
- Communication Mastery: Develop and present comprehensive findings and remediation reports to diverse audiences, fostering collaboration across all department areas.
- Process Enhancement: Document and improve secure Software Development Life Cycle (SDLC) processes and standards, contributing to a culture of security excellence.
- Threat Modeling: Facilitate threat modeling exercises to make informed and secure design decisions, ensuring proactive security measures.
- Automation Champion: Automate redundant tasks related to vulnerability detection and reporting, streamlining response activities and elevating efficiency.
- Tool Mastery: Maintain security testing tools and methodologies in collaboration with other engineering teams, ensuring we stay at the forefront of security.
- Security Controls: Design and implement security controls, policies, and procedures to safeguard applications and sensitive data from unauthorized access or modification.
- Stay Ahead: Stay up to date with the latest security trends, threats, and best practices in the Azure and C# ecosystems.
- Guidance and Training: Provide guidance and training to junior team members and developers on secure coding practices and application security.
- DevOps Collaboration: Work closely with the DevOps team to integrate security into the CI/CD pipeline, contributing to the continuous improvement of our overall security posture.
- Incident Response: Collaborate in incident response efforts for application security-related events, conducting root cause analysis and recommending effective remediation actions.
- Policy and Standards: Contribute to the development, implementation, and enforcement of the organization's application security policies and standards.
- Innovation: Evaluate, recommend, and implement application security tools and technologies, driving innovation to enhance our organization's overall security posture.
What You'll Bring:
- Education & Experience: A Bachelor's degree in Computer Science paired with 7 years of hands-on experience is a must. A Master's degree in Computer Science with 4 years of experience is preferred.
- Software Development Mastery: Bring at least 5 years of experience in secure software development, showcasing your expertise in crafting robust and secure solutions.
- Web Application Security Guru: With a minimum of 2 years of experience in web application security and Secure Software Development Life Cycle (SSDLC) practices, you'll be at the forefront of safeguarding our applications.
- Continuous Learner: Demonstrate your ability to quickly grasp new concepts and technologies, showcasing your problem-solving skills.
- Operational Insight: Possess knowledge of the specific operational impacts of cybersecurity lapses, reflecting your holistic understanding of security.
- Agile Collaboration: Thrive in an Agile team environment, contributing your skills and expertise to collaborative projects.
- Communication Excellence: Your excellent communication and presentation skills will be key in conveying complex security concepts to diverse audiences.
- Collaborative Spirit: Display strong collaborative skills, fostering teamwork and effectively relating ideas to others. Be a team player who gets things done.
- Player Coach Mentality: Embrace the role of a player coach, motivating and mentoring your team to achieve excellence.
- Certification Advantage: Hold security-related certifications such as CISSP, CEH, CSSLP, or CCSP? That's a definite plus!
Skills / Knowledge: Expert knowledge of system development methodology, analytical and problem-solving skills, and relevant business and technology skills.
- Methodology Mastery: Demonstrate expert knowledge of system development methodology, coupled with strong analytical and problem-solving skills. Bring relevant business and technology skills to the table.
- Security Tool Proficiency: Showcase your experience with cutting-edge application security tools such as DAST, IAST, RASP, and WAF tools, empowering our defense against cyber threats.
- SCA Tools Expertise: Utilize your expertise in using SCA tools, including GitHub Secrets, to ensure the integrity of our codebase.
- CI/CD Orchestration: Leverage your experience with CI/CD orchestration tools like Jenkins or TeamCity, contributing to the seamless integration of security measures.
- Cybersecurity Depth: Bring advanced knowledge of cyber threats and vulnerabilities, staying one step ahead in our security strategy.
- API and Database Fluency: Exhibit experience and knowledge of REST and SOAP Web Services APIs, along with a deep understanding of databases.
- Access Control Mastery: Showcase your knowledge of authentication, authorization, and access control methods, including OAuth, SAML, MFA, RBAC, and ABAC.
- Communication Protocols: Possess knowledge of communication methods and principles, particularly related to communication protocols like HTTPS, HTTP/2, WAP, and TLS.
- Cloud Expertise: Demonstrate experience with cloud platforms such as Azure, AWS, or GCP, contributing to a secure cloud environment.
- Encryption Alchemy: Showcase your knowledge of designing solutions using modern encryption algorithms, enhancing our data protection strategies.
- BPM Tool Experience: If you're familiar with Business Process Management tools like Jira, it's an added bonus!
Be Human With Us:
Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.
What We Offer:
When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:
Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
Holistic health and wellness benefits: Company-paid medical, dental, and vision (available to employees and their dependents day 1), parent and siblings’ insurance, pet insurance, wellness benefit, office massage, etc.
Support for Titans at all stages of life: Parental leave and support, on-demand maternity support through Maven Maternity, financial planning tools, Employee Assistance Program services, and more.
At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.