
Senior Application Security Developer
Posted 20 hours ago

This is a fully remote position, open to applicants in Canada.
• Collaborate with engineering teams to integrate security throughout the software development lifecycle, encompassing design reviews, threat modeling, implementation guidance, code reviews, and release readiness.
• Detect, validate, and assist in mitigating common application security vulnerabilities, including injection flaws, broken access control, authentication and authorization issues, data leakage, insecure deserialization, and server-side request forgery.
• Assist in security evaluations of AI-driven applications and AI-assisted development processes, addressing risks associated with LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe interactions with models or tools.
• Create and sustain secure coding guidelines, reusable security patterns, and engineering enablement resources for application, API, cloud, and data protection risks.
• Enhance and embed application security testing within CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and various other automated controls.
• Educate developers on secure coding practices, threat modeling, vulnerability remediation, safe usage of third-party components, and responsible adoption of emerging technologies.
• Monitor, prioritize, and report on application security risks and trends to continuously enhance Autodesk's product security posture.
• In-depth understanding of application security principles, including the OWASP Top 10, secure software design practices, common classes of vulnerabilities, and effective mitigation strategies.
• Practical experience in securing modern web applications, APIs, microservices, and cloud-native systems.
• Background in conducting secure design reviews, threat modeling, code reviews, vulnerability assessments, or penetration testing.
• Solid knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design.
• Experience in identifying and addressing vulnerabilities such as injection attacks, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage, and insecure configurations.
• Familiarity with integrating security testing and controls within CI/CD pipelines and DevSecOps methodologies.
• Awareness of common application security tools, including SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools.
• Proficiency in scripting or programming languages such as Python, JavaScript, Go, Java, or similar for automation, testing, or prototyping purposes.
• Capacity to clearly communicate complex security risks and translate them into practical, actionable guidance for engineering teams.
• Knowledge of emerging AI/LLM security risks, including prompt injection, data exposure, unsafe tool invocation, and secure utilization of AI coding assistants.
• Annual cash bonuses
• Comprehensive benefits package