Senior Application Security Engineer
About The Position
Credo is seeking a Senior Application Security Engineer to join our Security Team. This role will be responsible for advancing the organization's Secure Software Development Lifecycle (Secure SDLC), identifying and mitigating application security risks, and partnering closely with software, firmware, and engineering teams throughout the development lifecycle. The ideal candidate will possess strong expertise in application security, secure coding practices, threat modeling, vulnerability management, and DevSecOps. This individual will act as a security advisor to engineering teams and help drive security initiatives across software, firmware, cloud, and AI-enabled development environments.
Requirements
- 5+ years in application/product security with hands‑on work in secure design, threat modeling, code review, and vulnerability management.
- Secure SDLC leadership including 3+ years implementing or managing SDLC programs and partnering with engineering teams throughout the lifecycle.
- Strong application security expertise including secure coding principles, architecture reviews, API security, and remediation guidance.
- Technical depth in C, C++, and Python with experience reviewing and securing applications in these languages.
- DevSecOps and automation proficiency including GitHub/GitLab, CI/CD pipelines, SAST/DAST/SCA, container security, and security automation tooling.
- Cross‑functional communication with the ability to mentor developers, influence secure development practices, and support audits or customer assessments.
Nice To Haves
- Embedded and hardware security experience across semiconductor, networking, ASIC, or similar environments.
- Firmware and ASIC security, including securing embedded software and hardware‑adjacent applications.
- AI‑assisted development security and strong familiarity with secure AI usage patterns.
- Cloud security expertise across AWS, Azure, and GCP.
- Knowledge of security frameworks including STRIDE, NIST SSDF, NIST CSF, CIS Controls, and ISO 27001.
- Relevant certifications such as GWAPT or GIAC GWEB.
- Secure SDLC leadership with a track record of partnering with engineering leadership to improve product security.
Responsibilities
- Implementation and continuous improvement of the Secure Software Development Lifecycle (Secure SDLC) program.
- Partner with engineering leadership to embed security requirements into software and firmware development processes.
- Define security standards, secure coding guidelines, and security gates across the development lifecycle.
- Drive adoption of security-by-design principles across products and services.
- Conduct application security reviews, architecture reviews, and threat modeling exercises.
- Perform source code reviews and security assessments of internally developed applications and products.
- Identify, assess, prioritize, and track remediation of application security vulnerabilities.
- Support penetration testing activities and coordinate remediation efforts with development teams.
- Evaluate security risks associated with new technologies, frameworks, and third-party components.
- Implement and manage SAST, DAST, SCA, Secrets Scanning, Container Security, and CI/CD security controls.
- Collaborate with DevOps teams to automate security testing and vulnerability management processes.
Benefits
- discretionary bonus
- equity
- medical and other benefits
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
