Senior Application Security Developer

Posted last week

Apply Now

Resume Score

Check how well your resume matches this job before you apply.

Sign in to check score

About the role

  • Senior Application Security Developer focusing on application security across the software development lifecycle at Autodesk. Partnering with engineering teams to embed security in product design and deployment.

Responsibilities

  • Partner with engineering teams to embed security throughout the software development lifecycle, including design reviews, threat modeling, implementation guidance, code review, and release readiness.
  • Identify, validate, and help remediate common application security vulnerabilities, including injection, broken access control, authentication and authorization flaws, data leakage, insecure deserialization, and server-side request forgery.
  • Support security reviews of AI-enabled applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe model or tool interactions.
  • Develop and maintain secure coding guidance, reusable security patterns, and engineering enablement materials for application, API, cloud, and data protection risks.
  • Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and other automated controls.
  • Provide developer education on secure coding, threat modeling, vulnerability remediation, secure use of third-party components, and safe adoption of emerging technologies.
  • Track, prioritize, and report application security risks and trends to continuously improve Autodesk's product security posture.

Requirements

  • Strong understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability classes, and practical mitigation techniques.
  • Hands-on experience securing modern web applications, APIs, microservices, and cloud-native systems.
  • Experience performing secure design reviews, threat modeling, code reviews, vulnerability assessments, or penetration testing.
  • Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design.
  • Experience identifying and mitigating vulnerabilities such as injection, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage, and insecure configuration.
  • Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows.
  • Familiarity with common application security tooling, such as SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools.
  • Proficiency in scripting or programming, such as Python, JavaScript, Go, Java, or similar languages, for automation, testing, or prototyping.
  • Ability to communicate complex security risks clearly and translate them into practical, actionable guidance for engineering teams.
  • Familiarity with emerging AI/LLM security risks, such as prompt injection, data exposure, unsafe tool invocation, and secure use of AI coding assistants.

Benefits

  • Annual cash bonuses
  • Comprehensive benefits package

Job type

Full Time

Experience level

Senior

Salary

CA$101,000 - CA$148,500 per year

Degree requirement

Bachelor's Degree

Tech skills

CloudJavaJavaScriptMicroservicesPythonGo

Location requirements

RemoteCanada

Report this job

Found something wrong with the page? Please let us know by submitting a report below.