Application Security Engineer

About The Position

Requirements

• BA/BS in Computer Science, Cybersecurity, or a related field (or equivalent industry experience).
• 5+ years of experience in application security and vulnerability management.
• Deep understanding of software security vulnerabilities, including CVEs, OWASP Top 10, and supply chain risks.
• Experience with SAST, DAST, dependency scanning, and vulnerability management tools (e.g., Snyk, GitHub Dependabot, Trivy, Clair, Burp Suite, OWASP ZAP).
• Strong familiarity with package managers (npm, pip, Maven, Go modules) and securing open-source dependencies.
• Coding experience in languages such as Go, Python, Java, or C++ to develop security test cases and tooling.
• Hands-on experience with cloud-native security best practices across AWS, GCP, or Azure.
• Knowledge of container security, Kubernetes security, and securing microservices architectures.
• Ability to lead cross-functional initiatives and drive security adoption within engineering teams.
• A strong proactive approach to security, identifying risks before they become problems.
• Excellent problem-solving skills and the ability to balance security with performance and usability.
• Experience working in fast-paced, highly collaborative environments where security is a shared responsibility.
• Passion for open-source security and keeping up with the latest trends in software vulnerability management.

Responsibilities

• Own and lead the vulnerability management lifecycle, ensuring our entire tech stack is free from known CVEs.
• Implement and manage secure base OS images, ensuring all underlying systems remain hardened against security threats.
• Continuously scan, monitor, and patch OSS dependencies to mitigate supply chain risks and enforce best practices for dependency management.
• Research and evaluate trusted open-source security solutions like Google’s Assured Open Source Software and recommend their adoption where applicable.
• Work closely with engineering teams to integrate state-of-the-art SAST, DAST, and dependency scanning tools into the CI/CD pipeline to detect and remediate vulnerabilities early.
• Define and maintain best practices for secure coding to ensure all code developed by Glean engineers is free from vulnerabilities.
• Develop automated security validation tests to enforce vulnerability-free deployments across the stack.
• Lead the adoption and, if necessary, develop custom security solutions to manage and mitigate security risks at scale.
• Provide security guidance, training, and mentorship to engineering teams to foster a security-first culture at Glean.

Benefits

• The standard base salary range for this position is $153,000 - $238,000 annually.
• Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience.
• Certain roles may be eligible for variable compensation, equity, and benefits.