Principal Application Security Engineer

Job Requisition ID #24WD76043Security Team @ AutodeskOur team of security experts helps Autodesk design, build, deploy and maintain secure products. We are advocating security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer's data and their investment in our products by strengthening our applications, underlying services and network.Position OverviewWe are looking for a passionate Principal Application Security Engineer to lead strategic direction, develop standards, guidelines, and policies for our application security program. You will lead "shift-left" security efforts to build security into the software development lifecycle (SDLC). You will drive a standardized set of security requirements and align policies to meet external regulatory requirements. Come practice and grow your security expertise at scale to keep Autodesk one step ahead of our adversaries!You will report to a Sr. Manager, Application Security EngineeringResponsibilitiesDefine our application security strategies, standards, policies, and roadmaps and champion their implementationGuide product stakeholders and teams to incorporate security into the SDLCEvaluate the threat landscape through architecture reviews, secure code reviews, and threat modelsExplore new and emerging technologies to identify security solutions to fill gaps or enhance capability and security valueReview output from SAST, DAST, and SCA tools and provide feedback on resultsEstablish security metrics and define KPIs for the application security programAssist PSIRT with analysis on vulnerability reports submitted by researchers and root cause analysisAssist in creation of security training and workshops for application teamsMinimum Qualifications8+ years of experience in application security including web application experience, desktop application experience, and secure coding practicesFamiliarity with industry standards and frameworks, such as OWASP Top Ten Project, NIST Cybersecurity Framework, SSDF, SLSAExpertise in threat modeling methodologies and toolsExperience with PKI/certificates and cryptographyFamiliarity with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis tools and methodologiesProficiency with at least one common programming language such as Python, Golang, Java, C/C++, or JavascriptExperience with cloud computing technologies, especially AWS (Amazon Web Services) or AzureExperience with Git, Jenkins, Artifactory, or other similar technologiesStrong communication skills with the ability to converse with multiple types of audiencesExperience collaborating with distributed teams and other partners#LI-POST#LI-DV1Learn MoreAbout AutodeskWelcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made. We take great pride in our culture here at Autodesk – our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers. When you’re an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!BenefitsFrom health and financial benefits to time away and everyday wellness, we give Autodeskers the best, so they can do their best work. Learn more about our benefits in the U.S. by visiting https://benefits.autodesk.com/Salary transparencySalary is one part of Autodesk’s competitive compensation package. For U.S.-based roles, we expect a starting base salary between $138,100 and $223,300. Offers are based on the candidate’s experience and geographic location, and may exceed this range. In addition to base salaries, we also have a significant emphasis on annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.Equal Employment Opportunity At Autodesk, we're building a diverse workplace and an inclusive culture to give more people the chance to imagine, design, and make a better world. Autodesk is proud to be an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender, gender identity, national origin, disability, veteran status or any other legally protected characteristic. We also consider for employment all qualified applicants regardless of criminal histories, consistent with applicable law.Diversity & BelongingWe take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belongingAre you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site).