Senior Application Security Engineer

Company: ServiceTitan
Location: Yerevan, Armenia
Commitment: Full time
Posted on: 2025-12-13 05:02

Ready to be a Titan?

ServiceTitan is at a strategic inflection point. We are evolving our Product Security program from a reactive posture to a proactive, strategic engine. We are looking for an exceptional Senior Application Security Engineer to help us build a "Secure Paved Road"—an automated, self-service ecosystem that enables our 80+ R&D squads to build securely by default.

In this role, you will be the "Pipeline Architect." While your counterpart secures the cloud infrastructure, you will secure the software supply chain. You will configure the scanning tools, write the CI/CD guardrails, and implement the automation that allows us to scale application security without slowing down development velocity.

What you’ll do:

1. Build the "Secure Paved Road" (Pipeline & Code)

Pipeline Automation: Deeply integrate GitHub Advanced Security (GHAS) into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention.

Secure-by-Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries that have security controls built-in from the start.

Secrets & Supply Chain: Lead the "Autonomous Hardcoded Secrets Mitigation" initiative. You will automate the detection of secrets in code and build workflows to validate compromised credentials via API.

2. Autonomous Pen Testing (AI-Driven)

Terra Implementation: Lead the "Onboard Continuous Pen Testing" initiative using Terra. You will configure this AI-agentic tool to autonomously test our web applications for vulnerabilities.

Squad Customization: Tailor Terra's testing parameters for specific squad customizations, ensuring the AI understands the context of different microservices and business units.

Simulation & Validation: Use Terra to run proactive simulations based on emerging threats to validate our defenses in real-time.

3. Securing AI & Emerging Tech

AI Guardrails: Design and implement technical guardrails for AI Coding Agents and Model Context Protocols (MCP) to ensure safe adoption of AI in the development lifecycle.

AI-Driven Tooling: Help operationalize Clover Security AI to act as a "GPS" for developers, tuning the system to provide accurate, on-demand threat modeling and design advice.

4. Operational Support & Mentorship

Technical "Pit Crew": Act as the AppSec technical expert for the Security Champions Program. While leadership manages the program logistics, you will be the expert answering complex coding questions and guiding Champions on how to fix vulnerabilities.

Contextual Training: Assist in setting up "Just-in-Time" training campaigns in GitHub that trigger specific micro-trainings when engineers introduce vulnerabilities, allowing them to fix their own code.

Triage to Automate: Own the initial triage of incoming vulnerability tickets (SAST/SCA). You will use this hands-on work to identify the "noise" and pattern-match recurring issues, directly informing which guardrails you build next.

What you’ll bring:

Experience: 5+ years of experience in Product/Application Security, with a strong background in software engineering.

Coding Expertise: Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them.

Modern AppSec: Experience moving security "left" using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors.

Automation Mindset: Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.

AI Forward: Interest in the intersection of AI and Security, specifically in securing AI workloads or using AI agents (like Terra) for defense.

Why this role?

From Queue to Code: You won't be stuck in a queue of tickets forever. You are being hired to kill the queue. You will have the autonomy to take our volume of SAST/SCA findings and architect the solution that makes them disappear.

Measurable Impact: Your automation work will be the primary driver in significantly reducing our critical vulnerability backlog, directly impacting our organizational risk posture.

Innovation: Join a team that is actively integrating AI into the security lifecycle, from automated remediation to autonomous threat modeling using tools like Terra and Clover.

When you will work: Mon-Fri 11 AM - 8 PM (Armenia)

Be Human With Us:

Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.

What We Offer:

When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:

Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.

Holistic health and wellness benefits: Company-paid medical, dental, and vision (available to employees and their dependents day 1), parent and siblings’ insurance, wellness benefit, office massage, etc.

Support for Titans at all stages of life: Parental leave and support, financial planning tools, Employee Assistance Program services, and more.

At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.