Principal Application Security Engineer
APAC - India - Bengaluru - Sunriver
Autodesk
Job Requisition ID #
24WD79583Position Overview
Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We are embedding security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer's data and their investment in our products by strengthening our applications, underlying services and network.
We are looking for a passionate Principal Application Security Engineer to drive strategic direction, develop standards, guidelines, and policies for our application security program. You will lead "shift-left" security efforts to build security into the software development lifecycle (SDLC). You will drive a standardized set of security requirements and align policies to meet external regulatory requirements. Come practice and grow your security expertise at scale to keep Autodesk one step ahead of our adversaries!
You will report to Sr. Manager, Application Security Engineering. This is a hybrid position in Bengaluru, India.
Responsibilities
- Define our application security strategies, standards, policies, and roadmaps and champion their implementation.
- Guide product stakeholders and teams to incorporate security into the SDLC.
- Evaluate the threat landscape through architecture reviews, secure code reviews, and threat models.
- Explore new and emerging technologies to identify security solutions to fill gaps or enhance capability and security value.
- Review output from SAST, DAST, and SCA tools and provide feedback on results.
- Establish security metrics and define KPIs for the application security program.
- Assist PSIRT with analysis on vulnerability reports submitted by researchers and root cause analysis.
- Assist in creation of security training and workshops for application teams.
Minimum Qualifications
- 8+ years of experience in application security including web application experience, desktop application experience, and secure coding practices.
- Familiarity with industry standards and frameworks, such as OWASP Top Ten Project, NIST Cybersecurity Framework, SSDF, SLSA, etc.
- Expertise in threat modeling methodologies and tools.
- Familiarity with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis tools and methodologies
- Experience with cloud computing technologies, especially AWS (Amazon Web Services) or Azure.
- Experience with Git, Jenkins, Artifactory, or other similar technologies.
- Experience collaborating with distributed teams and other partners.
Preferred Qualifications
- Proficiency with at least one common programming language such as Python, Golang, Java, C/C++, or Javascript.
- Experience with PKI/certificates and cryptography.
#LI-CL1
Learn More
About Autodesk
Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.
We take great pride in our culture here at Autodesk – our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers.
When you’re an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!
Salary transparency
Salary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, we also have a significant emphasis on discretionary annual cash bonuses, commissions for sales roles, stock or long-term incentive cash grants, and a comprehensive benefits package.Diversity & Belonging
We take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging
Are you an existing contractor or consultant with Autodesk?
Please search for open jobs and apply internally (not on this external site).
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Azure C Cloud Cryptography DAST Golang Java JavaScript Jenkins KPIs NIST OWASP PKI PSIRT Python SAST SDLC
Perks/benefits: Career development Competitive pay
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Penetration Tester jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Officer jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open Cyber Security Architect jobs
- Open IT Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Manager Pentest H/F jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs