[Hiring] Application Security Engineer @Trellix

Role Description

As a key member of the Information Security team, reporting to the Manager of Application Security, you will own the vulnerability management lifecycle and champion secure engineering. Your primary goal is to bridge the gap between security findings and development solutions. In this role, you will protect our multi-cloud and on-premise environments by partnering with DevOps to turn risk insights into automated defense and rapid remediation.

About the role:

• Lifecycle Management: You will drive the full vulnerability process from discovery and risk prioritization to coordinating remediation with engineering teams.
• Offensive Security: You will lead dynamic testing efforts, including automated DAST scans, targeted penetration tests, and the triage of Bug Bounty submissions.
• Cloud Integration: You will partner with DevOps to secure infrastructure-as-code (IaC) and container deployments, ensuring security is embedded by design.
• Automation: You will write scripts (Python/Bash) to automate workflows, correlate security data, and eliminate manual ticketing toil.
• Advisory: You will act as a technical Subject Matter Expert (SME), guiding developers on how to fix code vulnerabilities, manage secrets, and secure open-source dependencies.

Qualifications

• You are a collaborative problem-solver who views security as an enabler, building strong relationships with development and infrastructure teams.
• You have a background in Application Security or Vulnerability Management and can translate complex risks into clear, actionable guidance for engineers.
• You are comfortable working with modern cloud architectures and understand how to secure pipelines, containers, and web applications (OWASP Top 10).
• You have a passion for automation and bring the scripting skills necessary to streamline repetitive security tasks.

Requirements

• Utilize Black Duck/SCA tools to monitor open-source risks, ensuring third-party libraries are secure and license-compliant.
• Act as an engineering SME, providing actionable guidance to remediate vulnerabilities discovered via SDL scans (e.g., SAST, DAST, manual audits).
• Partner with DevOps/CloudOps to embed security into cloud-native environments, ensuring IaC (Terraform/CloudFormation) and containerized deployments remain resilient.
• Develop scripts (Python, Bash, or PowerShell) to automate repetitive tasks, including data correlation between security toolsets and auto-ticketing.
• Oversee the secure implementation of secrets management solutions to eliminate hardcoded credentials.

Benefits

• Retirement Plans
• Medical, Dental and Vision Coverage
• Paid Time Off
• Paid Parental Leave
• Support for Community Involvement