CrawlJobs Logo

Software Engineer, Application Security

glean.com Logo

Glean

Location Icon

Location:
United States , San Francisco Bay Area

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

185000.00 - 280000.00 USD / Year
Save Job
Save Icon
Apply Position

Job Description:

Glean is looking for an experienced Application Security Engineer with a primary focus on ensuring that our entire technology stack is free of software vulnerabilities (CVEs). This role is responsible for securing our base OS images, ensuring all open-source software (OSS) dependencies are scanned and patched, and integrating cutting-edge security tools into our CI/CD pipeline. The ideal candidate will drive the adoption of solutions like Google’s Assured Open Source Software (OSS) and explore alternative approaches to enhance software security. This role will lead the vulnerability management charter at Glean, identifying, evaluating, and implementing new security technologies and processes to proactively protect our infrastructure.

Job Responsibility:

  • Own and lead the vulnerability management lifecycle, ensuring our entire tech stack is free from known CVEs
  • Implement and manage secure base OS images, ensuring all underlying systems remain hardened against security threats
  • Continuously scan, monitor, and patch OSS dependencies to mitigate supply chain risks and enforce best practices for dependency management
  • Research and evaluate trusted open-source security solutions like Google’s Assured Open Source Software and recommend their adoption where applicable
  • Work closely with engineering teams to integrate state-of-the-art SAST, DAST, and dependency scanning tools into the CI/CD pipeline to detect and remediate vulnerabilities early
  • Define and maintain best practices for secure coding to ensure all code developed by Glean engineers is free from vulnerabilities
  • Develop automated security validation tests to enforce vulnerability-free deployments across the stack
  • Lead the adoption and, if necessary, develop custom security solutions to manage and mitigate security risks at scale
  • Provide security guidance, training, and mentorship to engineering teams to foster a security-first culture at Glean

Requirements:

  • BA/BS in Computer Science, Cybersecurity, or a related field (or equivalent industry experience)
  • 5+ years of experience in application security and vulnerability management
  • Deep understanding of software security vulnerabilities, including CVEs, OWASP Top 10, and supply chain risks
  • Experience with SAST, DAST, dependency scanning, and vulnerability management tools (e.g., Snyk, GitHub Dependabot, Trivy, Clair, Burp Suite, OWASP ZAP)
  • Strong familiarity with package managers (npm, pip, Maven, Go modules) and securing open-source dependencies
  • Coding experience in languages such as Go, Python, Java, or C++ to develop security test cases and tooling
  • Hands-on experience with cloud-native security best practices across AWS, GCP, or Azure
  • Knowledge of container security, Kubernetes security, and securing microservices architectures
  • Ability to lead cross-functional initiatives and drive security adoption within engineering teams

Nice to have:

  • A strong proactive approach to security, identifying risks before they become problems
  • Excellent problem-solving skills and the ability to balance security with performance and usability
  • Experience working in fast-paced, highly collaborative environments where security is a shared responsibility
  • Passion for open-source security and keeping up with the latest trends in software vulnerability management
What we offer:
  • Competitive compensation
  • Medical, Vision and Dental coverage
  • Flexible work environment and time-off policy
  • 401k
  • Company events
  • A home office improvement stipend when you first join
  • Annual education stipend
  • Wellness stipend
  • Healthy lunches and dinners provided daily

Additional Information:

Job Posted:
January 06, 2026

Employment Type:
Fulltime
Work Type:
Hybrid work
Icon
Glean - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Software Engineer, Application Security

Application Security Engineer

At JFrog, we’re ​​running the software that runs the world – and we want you alo...
Location
Location
Israel , Netanya/Tel Aviv
Salary
Salary:
Not provided
jfrog.com Logo
JFrog
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in AppSec And Product Security
  • Deep Knowledge in Application security and Vulnerabilities
  • Strong coding/scripting background (e.g., Python, Go, Java, JavaScript)
  • Hands-on experience with CI/CD pipelines, security tools, and DevSecOps practices
  • Familiarity with modern architectures (e.g., Cloud, microservices, containers, Kubernetes)
  • Understanding of software development processes and secure coding principles
  • Strong communication and collaboration skills
Job Responsibility
Job Responsibility
  • Assist in the development of internal security tools and AI agents
  • Support the design and implementation of SSDLC practices and automated security controls across the CI/CD pipeline
  • Contribute to building and operating scalable vulnerability management frameworks across cloud-native services and SaaS products
  • Integrate security into Agile and DevOps processes, including threat modeling, SAST, DAST, and SCA
  • Develop Internal application security Tools and Automations
  • Partner with development and DevOps teams to embed security early and often
  • Contribute to secure code reviews and assist with remediation strategies
  • Track, triage, and report vulnerabilities across product lines
  • Support the adoption of secure development best practices
Read More
Arrow Right

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Location
Location
United States , Las Vegas
Salary
Salary:
Not provided
beacontechinc.com Logo
Beacon Technologies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker
  • exceptional skills in security systems solutions
Job Responsibility
Job Responsibility
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever applications security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer
What we offer
  • Career advancement opportunities
  • extensive training
  • excellent benefits including paying for health and dental premiums for salaried employees.
  • Fulltime
Read More
Arrow Right

Application Security Engineering Lead

Join us at Barclays as an Application Security Engineering Lead, where you'll de...
Location
Location
United Kingdom , Glasgow; Knutsford
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience with the software security landscape: CVEs, CWEs, common software vulnerability types
  • Experience with SAST, SCA, and DAST, including the strengths and weaknesses of each
  • At least one programming language (e.g. Java, Go)
  • At least one major cloud provider (e.g. AWS, GCP, Azure)
  • Experience with REST API design
  • Experience with HTTP Authentication
  • Experience with Linux at the terminal, including scripting and automation (e.g. shell, Python)
Job Responsibility
Job Responsibility
  • Provision of subject matter expertise on security systems and engineering patterns
  • Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems
  • Management and protection of secrets, ensuring that they are securely generated, stored, and used
  • Execution of audits to monitor, identify and assess vulnerabilities in the banks infrastructure/software and support the response to potential security breaches
  • Identification of advancements in to support the innovation and adoption of new cryptographic technologies and techniques
  • Collaboration across the bank, including developers and security teams, to ensure that cryptographic solutions align with business objectives, security policies and regulatory requirements
  • Development/ Implementation and maintenance of Identity and Access Management solutions and systems
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Application Security Engineer

Location
Location
Salary
Salary:
Not provided
ryzlabs.com Logo
Ryz Labs
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum 3-5 years of experience in secure software development, Security Architecture, threat modeling, or related roles
  • Relevant Professional certifications such as CISSP, OSCP, GWEB, CREST-CWAT or similar are highly desirable
Job Responsibility
Job Responsibility
  • Work as an internal security consultant to help product & engineering teams understand the security risk and advise them on best practices
  • Design and implement secure architecture solutions for applications and systems
  • Conduct threat modeling exercises to identify and mitigate potential security threats
  • Document and communicate threat modeling findings and recommendations
  • Perform periodic Security Assessments and code reviews to ensure compliance with SSDLC practices
  • Perform proactive research to detect new attack vectors and pentest internal and external apps
  • Implement security controls and best practices within CI/CD pipelines. Automate the security testing tools and processes within the CD/CI pipeline
  • Develop security tools and security metrics
  • Manage and Oversee vulnerability disclosure program by coordinating with external researchers to validate and triage reported vulnerabilities
  • Develop and maintain security standards and guidelines for application development
Read More
Arrow Right

Application Security Engineer II

In this role, you will support Rackspace's application security program by imple...
Location
Location
India
Salary
Salary:
Not provided
rackspace.com Logo
Rackspace
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2-4 years in the information security field
  • Experience working with application security, security testing, or DevSecOps practices
  • Working knowledge of the SDLC, security concepts, and vulnerability assessment methodologies
  • Hands-on experience with or understanding of programming and scripting languages including one or more of the following: Python, Java, Node.js, Go, Ruby, PHP
  • databases such as SQL
  • and related tools such as Github, Gitlab, Jenkins, and CircleCI
  • Understanding of common vulnerabilities, remediation approaches, and industry-standard classification schemes (CVE, CWE, CVSS, OWASP Top 10)
  • Familiarity with relevant compliance regulations, such as PCI-DSS, ISO 27001, SOC 2, or HIPAA
  • Passion for security and eagerness to learn about new technologies and emerging security vulnerabilities
  • Strong communication skills with the ability to work collaboratively across teams
Job Responsibility
Job Responsibility
  • Execute application security testing using both automated tools and manual testing techniques on web applications, APIs, containers, and other software components
  • Configure, maintain, and operate SAST, DAST, and other application security testing tools
  • Analyze and triage security findings, documenting clear remediation guidance for development teams
  • Support the vulnerability reporting process and track findings through to resolution
  • Assist with triage and validation of external vulnerability disclosures and bug bounty reports
  • Contribute to the development and documentation of application security processes and standards
  • Participate in security code reviews and threat modeling exercises
  • Help track and report metrics for application security program health
  • Collaborate with development and DevOps teams to integrate security into CI/CD pipelines
  • Stay current with application security trends, tools, and best practices
  • Fulltime
Read More
Arrow Right

Security Engineer, Application Security

Figure is an AI Robotics company developing a general purpose humanoid. Our huma...
Location
Location
United States , San Jose
Salary
Salary:
150000.00 - 350000.00 USD / Year
figure.ai Logo
Figure
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in several of the following application security domains: penetration testing, vulnerability research, security assessment, secure coding practices, security architecture & design, hardware security
  • Strong software engineering (not scripting or automation) skills in C/C++, Rust, Golang, Python or similar
  • Experience with securing embedded systems, including secure boot, secure identity, OTA, or others
  • Solid foundation in web security, mobile security, or cryptography
  • Ability to collaborate with internal and external stakeholders whilst prioritizing tasks and work independently under minimal supervision.
  • BS in Computer Science, Engineering, Information Systems, or equivalent years of experience in a related technical field
  • 3+ years of experience in the field of application security or related security role
  • Passion for learning and helping others
  • Excellent verbal and written communication skills, with high attention to detail
Job Responsibility
Job Responsibility
  • Conduct security assessments of applications, embedded systems, back-end services, and business integrations, as well as build tooling for a secure development lifecycle
  • Design technical solutions to mitigate security weaknesses on the robot and our service stack. Work with teams across the company to implement them.
  • Build frameworks and systems to prevent classes of vulnerabilities
  • Hunt for vulnerabilities and insecure coding patterns on our product stack (backend services and robot internal systems)
  • Be a champion for security and user privacy
  • Fulltime
Read More
Arrow Right

Senior Frontend Engineer (Application Security)

At Easygo, our DevSecOps team is at the heart of our engineering, security and o...
Location
Location
Australia , Melbourne
Salary
Salary:
Not provided
easygo.io Logo
Easygo Gaming
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's/Master's degree in Computer Science or equivalent practical experience
  • 7+ years of hands-on experience in software engineering, with a primary focus on security engineering
  • Strong understanding of code architecture and design principles
  • Excellent problem-solving skills and the ability to thrive in a fast-paced, dynamic environment
  • Strong communication skills for effective collaboration with teams and stakeholders
  • Analytical mindset to address complex technical challenges and devise innovative solutions
  • Positive attitude and eagerness to learn new technologies to grow as a security engineer
Job Responsibility
Job Responsibility
  • Lead by example, and drive the adoption of secure software development lifecycle (SSDLC) practices. This includes performing threat modelling, providing secure coding guidance to development teams, and embedding security requirements early in the design phase
  • Own, improve, execute and manage various security tests, including SAST, DAST, and SCA, to identify vulnerabilities. Analyse test results and prioritise findings. Fix what you find, and work with developers to ensure timely remediation
  • Implement and maintain automated security controls within the CI/CD pipeline. This involves integrating security tools to enable continuous security testing and monitoring, making security an integral part of the DevSecOps process
  • Deploy and configure Web Application Firewalls (WAFs) and Runtime Application Self-Protection (RASP) solutions to protect from real-time attacks. Respond to urgent application security incidents as needed
  • Take ownership of the platform vulnerability management program. This involves tracking, prioritising, and remediation of security flaws found in applications, ensuring all vulnerabilities are addressed and verified
  • Actively engage in hands-on coding, testing, debugging, and troubleshooting to ensure code quality, scalability, and maintainability
  • Write efficient, scalable, and maintainable code, adhering to coding standards and best practices
  • Innovate within the team by pushing for improvements and driving constructive changes to enhance team performance and efficiency
  • Analyse complex problems and provide effective solutions, contributing to team goals and initiatives
  • Lead and independently complete medium-sized projects or initiatives from start to finish
What we offer
What we offer
  • Access to over 9,000 courses across our Learning and Development Platform
  • EAP access for you and your family
  • Be rewarded with lucrative annual bonuses
  • Give back with a paid volunteer day
  • Fuel your day with daily breakfast and open pantries brimming with unlimited snacks and refreshments, all on the house
  • Break up the week with on site remedial massage Wednesdays
  • In house full-time barista’s providing you your daily coffee needs
  • Weekly team lunches and happy hour in the office from 4pm on Fridays
  • Enjoy a bustling office with the option for up to 2 days work from home per week
  • Fun office environment with pool tables, table tennis and all your favourite gaming consoles
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location
Location
Australia , Melbourne; Sydney
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy