Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Technology, SaaS, HR TechnologyIndustries
Requirements
- Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
- Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
- Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
Responsibilities
- Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
- Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
- Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
- Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
- Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
- Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
- Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
- Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
- Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
Skills
Application Security
Threat Modeling
Security Reviews
SDLC Security
Security Automation
Developer Enablement
Compliance
Mentoring
SaaS Security
Culture Amp
People analytics platform for employee engagement
About Culture Amp
Culture Amp provides a people analytics platform aimed at improving employee engagement, performance, and retention within organizations. The platform includes tools for gathering and analyzing employee feedback, conducting performance reviews, and monitoring goals. By utilizing powerful analytics and action planning features, Culture Amp helps businesses make informed, data-driven decisions to enhance workplace culture and employee experience. Unlike many competitors, Culture Amp focuses specifically on the HR technology sector, which is rapidly expanding as companies prioritize employee engagement. The company operates on a subscription-based model, offering various pricing tiers tailored to the size of the organization and the features needed.
Melbourne, AustraliaHeadquarters
2009Year Founded
$267.4MTotal Funding
SERIES_FCompany Stage
Data & Analytics, ConsultingIndustries
1,001-5,000Employees
Benefits
Employee Share Options Program
Professional Development Budget
Mental Health Support
Monthly Camper Life Allowance
Team budgets dedicated to team building activities and connection
Paid Vacation
Paid Holidays
Extended year-end breaks
Excellent parental leave and in work support program available from day 1 of joining Culture Amp
5 Social Impact Days a year to make a positive impact on the community outside of work
Home Office Stipend
Medical insurance coverage for you and your family (Available for US & UK only)
Risks
Emerging HR tech startups offering cheaper solutions threaten Culture Amp's market share.
Rapid AI advancements may require Culture Amp to invest heavily to stay competitive.
Data privacy concerns and regulatory changes could impact Culture Amp's operations in key markets.
Differentiation
Culture Amp integrates AI to streamline HR feedback analysis, enhancing efficiency.
The acquisition of Orgnostic boosts Culture Amp's data analytics capabilities significantly.
Culture Amp's People Analytics product offers a unified platform for comprehensive workforce insights.
Upsides
Neera Desai's appointment as GM could strengthen Culture Amp's North American market presence.
Collaboration with Sonder emphasizes employee wellbeing, potentially leading to new wellness features.
AI integration in feedback analysis allows HR teams to focus on strategic initiatives.
Related Jobs
RemoteRemoteSenior Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteApplication Security Lead
Accurate BackgroundSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSecurity Engineer, Cloud Security
Red Cell PartnersSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemotePrincipal DevSecOps Engineer
Second Front SystemsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Software Engineer, Secure Agents
CohereSalary not specified
- Full Time
- Senior (5 to 8 years)