Senior Application Security Engineer
About The Position
Credo is seeking a Senior Application Security Engineer to join our Security Team. This role will be responsible for advancing the organization's Secure Software Development Lifecycle (Secure SDLC), identifying and mitigating application security risks, and partnering closely with software, firmware, and engineering teams throughout the development lifecycle. The ideal candidate will possess strong expertise in application security, secure coding practices, threat modeling, vulnerability management, and DevSecOps. This individual will act as a security advisor to engineering teams and help drive security initiatives across software, firmware, cloud, and AI-enabled development environments.
Requirements
- 5+ years in application/product security with hands‑on work in secure design, threat modeling, code review, and vulnerability management.
- Secure SDLC leadership including 3+ years implementing or managing SDLC programs and partnering with engineering teams throughout the lifecycle.
- Strong application security expertise including secure coding principles, architecture reviews, API security, and remediation guidance.
- Technical depth in C, C++, and Python with experience reviewing and securing applications in these languages.
- DevSecOps and automation proficiency including GitHub/GitLab, CI/CD pipelines, SAST/DAST/SCA, container security, and security automation tooling.
- Cross‑functional communication with the ability to mentor developers, influence secure development practices, and support audits or customer assessments.
Nice To Haves
- Embedded and hardware security experience across semiconductor, networking, ASIC, or similar environments.
- Firmware and ASIC security, including securing embedded software and hardware‑adjacent applications.
- AI‑assisted development security and strong familiarity with secure AI usage patterns.
- Cloud security expertise across AWS, Azure, and GCP.
- Knowledge of security frameworks including STRIDE, NIST SSDF, NIST CSF, CIS Controls, and ISO 27001.
- Relevant certifications such as GWAPT or GIAC GWEB.
- Secure SDLC leadership with a track record of partnering with engineering leadership to improve product security.
Responsibilities
- Advancing the organization's Secure Software Development Lifecycle (Secure SDLC)
- Identifying and mitigating application security risks
- Partnering closely with software, firmware, and engineering teams throughout the development lifecycle
- Acting as a security advisor to engineering teams
- Driving security initiatives across software, firmware, cloud, and AI-enabled development environments
Benefits
- Discretionary bonus
- Equity
- Full range of medical and other benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
