Senior Application Security Developer focusing on application security across the software development lifecycle at Autodesk. Partnering with engineering teams to embed security in product design and deployment.
Responsibilities
Partner with engineering teams to embed security throughout the software development lifecycle, including design reviews, threat modeling, implementation guidance, code review, and release readiness.
Identify, validate, and help remediate common application security vulnerabilities, including injection, broken access control, authentication and authorization flaws, data leakage, insecure deserialization, and server-side request forgery.
Support security reviews of AI-enabled applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe model or tool interactions.
Develop and maintain secure coding guidance, reusable security patterns, and engineering enablement materials for application, API, cloud, and data protection risks.
Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and other automated controls.
Provide developer education on secure coding, threat modeling, vulnerability remediation, secure use of third-party components, and safe adoption of emerging technologies.
Track, prioritize, and report application security risks and trends to continuously improve Autodesk's product security posture.
Requirements
Strong understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability classes, and practical mitigation techniques.
Hands-on experience securing modern web applications, APIs, microservices, and cloud-native systems.
Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design.
Experience identifying and mitigating vulnerabilities such as injection, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage, and insecure configuration.
Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows.
Familiarity with common application security tooling, such as SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools.
Proficiency in scripting or programming, such as Python, JavaScript, Go, Java, or similar languages, for automation, testing, or prototyping.
Ability to communicate complex security risks clearly and translate them into practical, actionable guidance for engineering teams.
Familiarity with emerging AI/LLM security risks, such as prompt injection, data exposure, unsafe tool invocation, and secure use of AI coding assistants.
Hiring a Threat Modeler / Security Architect with development background for hybrid full - time role in Canada, focusing on application security, threat modeling, and DevSecOps.
Network & Perimeter Security Specialist II - Firewall at Enbridge enhancing security architectures. Providing technical leadership and driving enterprise standards for firewall and network security.
Network and Perimeter Security IT Specialist I at Enbridge overseeing enterprise security architecture and leading large - scale security initiatives. Collaborating across teams to ensure secure solutions and compliance.
Lead critical cybersecurity transformation programmes at Hewlett Packard Enterprise, ensuring alignment with enterprise priorities and delivering complex initiatives. Collaborate with IT, cybersecurity, and business leaders.
Staff Engineer responsible for designing scalable security solutions and collaborating with engineering at Twilio. Empowering security partnerships across products and platforms while mitigating risks.
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.