Ready to be a Titan?

ServiceTitan is seeking an exceptional Senior Application Security Engineer to join one of the fastest growing tech startups in Southern California, backed by the best VC firms in the SaaS space. This individual plays a critical role working closely with the business and across the Engineering organization, securing our development lifecycle through the adoption of security best practices. The ideal candidate has several years of development experience building systems/applications and has since moved to application security.

What You'll Do:
· Perform security reviews of software designs and assist software engineers to ensure quality and robustness of our products.
· Validate and address vulnerability / threat findings from static and dynamic analysis tools.
· Develop and present findings and remediation reports to audiences including team members from all department areas and levels of the company.
· Document and improve secure SDLC processes and standards.
· Facilitate threat modeling exercises to ensure accurate security design decisions are being made.
· Coordinate with security champions and other software engineers to ensure successful and timely remediation of vulnerabilities.
· Automate redundant tasks related to detection and reporting of vulnerabilities, suspicious application activity, coordination of response activities, etc.
· Maintain security testing tools and methodologies (e.g. SAST, SCA, DAST) in collaboration with other engineering teams.
· Design and implement security controls, policies, and procedures to protect applications and sensitive data from unauthorized access or modification.
· Stay up-to-date with the latest security trends, threats, and best practices in the Azure and C# ecosystems.
· Provide guidance and training to junior team members and developers on secure coding practices and application security.
· Work closely with the DevOps team to ensure that security is integrated into the CI/CD pipeline and continue to improve the overall security posture of the applications.
· Collaborate in incident response efforts for application security-related events, including conducting root cause analysis and recommending remediation actions.
· Contribute to the development, implementation, and enforcement of the organization's application security policies and standards.
· Evaluate, recommend, and implement application security tools and technologies to enhance the overall security posture of the organization's applications.

What You'll Bring:
· Bachelors - Computer Science degree + 7 years of experience required
· Masters - Computer Science degree + 4 years of experience preferred
· 5+ years of experience in secure software development
· 2+ years of experience in web application security and SSDLC practices
· Ability to learn new concepts, technologies and solve problems
· Knowledge of specific operational impacts of cybersecurity lapses
· Experience of working in an Agile team.
· Excellent communication and presentation skills
· Strong interpersonal skills with the ability to convey and relate ideas to others and work collaboratively to get things done
· Being a player coach - ability to motivate and mentor a team.
· Excellent written and verbal communication skills
· Security related certifications (CISSP, CEH, CSSLP, CCSP) are a plus

Skills / Knowledge:
· Expert knowledge of system development methodology, analytical/problem solving skills and relevant business and technology skills.
· Experience with application security tools such as DAST, IAST, RASP, and WAF tools
· Experience using SCA tools such as GitHub Secrets.
· Experience with CI/CD orchestration tools such as Jenkins or TeamCity.
· Proficient in a programming language such as C#, Java, JavaScript, Python, Rust, or Go
· Advanced knowledge of cyber threats and vulnerabilities
· Experience and knowledge of REST and SOAP Web Services APIs, Databases
· Knowledge of authentication, authorization, and access control methods, including OAuth, SAML, MFA, RBAC, and ABAC
· Knowledge of communication methods, principles, and concepts related to communication protocols (e.g., HTTPS, HTTP/2, WAP, and TLS)
· Experience with Azure, AWS, or GCP
· Knowledge of how to design solutions using modern encryption algorithms
· Experience in Business Process Management tools like Jira.

Be Human With Us:
Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.

What We Offer:
When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:
· Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
· Holistic health and wellness benefits: Company-paid medical, dental, and vision (available to employees and their dependents day 1), parent and siblings’ insurance, pet insurance, wellness benefit, office massage, etc.
· Support for Titans at all stages of life: Parental leave and support, on demand maternity support through Maven Maternity, financial planning tools, Employee Assistance Program services, and more.

At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.