Staff Application Security Engineer at Culture Amp

Sydney, New South Wales, Australia

Apply Now
Culture Amp Logo
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, SaaS, HR TechnologyIndustries

Requirements

  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)

Responsibilities

  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community

Skills

Key technologies and capabilities for this role

Application SecurityThreat ModelingSecurity ReviewsSDLC SecuritySecurity AutomationDeveloper EnablementComplianceMentoringSaaS Security

Questions & Answers

Common questions about this position

What are the main responsibilities of the Staff Application Security Engineer?

You will lead complex application security reviews, threat modeling, and risk assessments; collaborate to embed security into the SDLC; develop security automation tools; identify and address vulnerabilities in SaaS environments; own vulnerability management; and mentor engineers to foster security awareness.

What skills and experience are required for this role?

Expertise in application security, threat modeling, secure SDLC (DevSecOps), security automation, vulnerability management in cloud-native and microservices architectures, and senior-level technical leadership including mentoring is required.

Is this position remote or does it require office presence?

This information is not specified in the job description.

What is the salary or compensation for this role?

This information is not specified in the job description.

What kind of company culture can I expect at Culture Amp?

Culture Amp emphasizes a collaborative environment with amazing humans, championing security awareness, continuous improvement, knowledge sharing, and working together across engineering, product, and security teams to make a better world of work.

Culture Amp

People analytics platform for employee engagement

Website

About Culture Amp

Culture Amp provides a people analytics platform aimed at improving employee engagement, performance, and retention within organizations. The platform includes tools for gathering and analyzing employee feedback, conducting performance reviews, and monitoring goals. By utilizing powerful analytics and action planning features, Culture Amp helps businesses make informed, data-driven decisions to enhance workplace culture and employee experience. Unlike many competitors, Culture Amp focuses specifically on the HR technology sector, which is rapidly expanding as companies prioritize employee engagement. The company operates on a subscription-based model, offering various pricing tiers tailored to the size of the organization and the features needed.

Melbourne, AustraliaHeadquarters
2009Year Founded
$267.4MTotal Funding
SERIES_FCompany Stage
Data & Analytics, ConsultingIndustries
1,001-5,000Employees

Benefits

Employee Share Options Program
Professional Development Budget
Mental Health Support
Monthly Camper Life Allowance
Team budgets dedicated to team building activities and connection
Paid Vacation
Paid Holidays
Extended year-end breaks
Excellent parental leave and in work support program available from day 1 of joining Culture Amp
5 Social Impact Days a year to make a positive impact on the community outside of work
Home Office Stipend
Medical insurance coverage for you and your family (Available for US & UK only)

Risks

Emerging HR tech startups offering cheaper solutions threaten Culture Amp's market share.
Rapid AI advancements may require Culture Amp to invest heavily to stay competitive.
Data privacy concerns and regulatory changes could impact Culture Amp's operations in key markets.

Differentiation

Culture Amp integrates AI to streamline HR feedback analysis, enhancing efficiency.
The acquisition of Orgnostic boosts Culture Amp's data analytics capabilities significantly.
Culture Amp's People Analytics product offers a unified platform for comprehensive workforce insights.

Upsides

Neera Desai's appointment as GM could strengthen Culture Amp's North American market presence.
Collaboration with Sonder emphasizes employee wellbeing, potentially leading to new wellness features.
AI integration in feedback analysis allows HR teams to focus on strategic initiatives.

Related Jobs

United States
Remote iconRemote

Senior Application Security Engineer

M&T Bank
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
United States
Remote iconRemote

Senior Security Engineer, Application Security

Trail of Bits
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
United States
Remote iconRemote

Application Security Lead

Accurate Background
Salary not specified
  • Employment type iconFull Time
  • Experience level iconExpert & Leadership (9+ years)
United States
Remote iconRemote

Security Engineer, Cloud Security

Red Cell Partners
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years), Expert & Leadership (9+ years)
Remote
Remote iconRemote

Principal DevSecOps Engineer

Second Front Systems
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)
Toronto +3 more
Remote iconRemote

Senior Software Engineer, Secure Agents

Cohere
Salary not specified
  • Employment type iconFull Time
  • Experience level iconSenior (5 to 8 years)

Land your dream remote job 3x faster with AI

Try Jobo Free