Senior Application Security Engineer
Ready to be a Titan? At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an exceptional Senior Application Security Engineer to help us build a "Secure Paved Road"—an automated, self-service ecosystem that enables our 80+ R&D squads to build securely by default.
Responsibilities
This role will define and scale how secure software is built at ServiceTitan by embedding security directly into the development lifecycle, from code to production. It will reduce organizational risk by automating detection and remediation of vulnerabilities, standardizing secure architecture patterns, and eliminating entire classes of security issues at their source. By partnering closely with engineering, this role will drive a shift toward secure by default development while continuously validating defenses through testing, threat modeling, and proactive simulation.
Key Responsibilities
- Build the Secure Paved Road (Pipeline and Code)
  + Pipeline Automation: Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention.
  + Secure by Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls.
  + Secrets and Supply Chain: Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API.
  + Secure SDLC Practices: Drive cross-functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization.
- Continuous Security Testing and Validation
  + Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services.
  + Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs.
  + Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA.
  + Simulation and Validation: Run proactive simulations based on emerging threats to validate defenses and identify gaps.
- Architecture and Threat Modeling
  + Security Design Reviews: Lead security design reviews and threat modeling for new and existing services.
  + Secure Architecture: Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack.
  + Emerging Threat Analysis:
