[Remote] Staff Application Security Engineer

Note: The job is a remote job and is open to candidates in USA. ServiceTitan is transforming product security into a core part of how engineering delivers software. They are seeking a Staff Application Security Engineer to define and scale secure software development practices, automate vulnerability detection, and partner with engineering teams to enhance security throughout the development lifecycle.

Responsibilities

• Pipeline Automation: Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention
• Secure by Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls
• Secrets and Supply Chain: Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API
• Secure SDLC Practices: Drive cross functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization
• Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services
• Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs
• Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA
• Simulation and Validation: Run proactive simulations based on emerging threats to validate defenses and identify gaps
• Security Design Reviews: Lead security design reviews and threat modeling for new and existing services
• Secure Architecture: Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack
• Emerging Threat Analysis: Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations
• Technical Leadership: Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices
• Contextual Training: Implement just in time training mechanisms that help engineers remediate vulnerabilities as they are introduced
• Triage to Automate: Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues
• Incident Response: Participate in security incident response and support post incident analysis and remediation efforts
• Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization’s security posture

Skills

• 7-10+ years of experience in Product/Application Security, with a strong background in software engineering
• Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them
• Experience moving security 'left' using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors
• Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually
• Interest in the intersection of AI and Security, specifically in securing AI workloads, leveraging AI capabilities to embed security throughout the SDLC, and using AI agents for defense

Benefits

• Flextime, recognition, and support for autonomous work
• Flexible time off with ample learning and development opportunities to continue growing your career
• We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events
• Great work is rewarded through Bonusly, peer-nominated awards, and more
• Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents)
• FSA and HSA
• 401k match
• Telehealth options including memberships to One Medical
• Parental leave and support
• Up to $20k in fertility services (i.e. IUI and IVF)
• Surrogacy, and adoption reimbursement
• On demand maternity support through Maven Maternity
• Free breast milk shipping through Maven Milk
• Pet insurance
• Legal advisory services
• Financial planning tools

Company Overview

Company H1B Sponsorship