[Hiring] Senior Application Security Engineer @ServiceTitan

Role Description

At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an exceptional Senior Application Security Engineer to help us build a "Secure Paved Road"—an automated, self-service ecosystem that enables our 80+ R&D squads to build securely by default.

This role will define and scale how secure software is built at ServiceTitan by embedding security directly into the development lifecycle, from code to production. It will reduce organizational risk by automating detection and remediation of vulnerabilities, standardizing secure architecture patterns, and eliminating entire classes of security issues at their source. By partnering closely with engineering, this role will drive a shift toward secure by default development while continuously validating defenses through testing, threat modeling, and proactive simulation.

What you’ll do:

• Build the Secure Paved Road (Pipeline and Code)
  • Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention.
  • Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls.
  • Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API.
  • Drive cross functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization.
• Continuous Security Testing and Validation
  • Lead onboarding and operation of continuous penetration testing capabilities across web applications and services.
  • Participate in and help scale internal security assessments, penetration testing, and bug bounty programs.
  • Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA.
  • Run proactive simulations based on emerging threats to validate defenses and identify gaps.
• Architecture and Threat Modeling
  • Lead security design reviews and threat modeling for new and existing services.
  • Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack.
  • Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations.
• Operational Support and Engineering Partnership
  • Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices.
  • Implement just in time training mechanisms that help engineers remediate vulnerabilities as they are introduced.
  • Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues.
  • Participate in security incident response and support post incident analysis and remediation efforts.
• Continuous Improvement and Expertise
  • Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization’s security posture.

Qualifications

• 5+ years of experience in Product/Application Security, with a strong background in software engineering.
• Proficiency in C#/.NET (preferred) or Go/Java.
• Experience moving security "left" using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors.
• Proven ability to script (Python, Go, PowerShell) and automate security tasks.
• Interest in the intersection of AI and Security, specifically in securing AI workloads.

Requirements

• Your success will be measured by real risk reduction.
• You will work side by side with engineering teams to shape how software is built, secured, and deployed.
• You will help define how modern security teams leverage automation and intelligent systems to scale.
• You will have the autonomy to identify problems, design solutions, and implement them end to end.

Benefits

• Flexible time off with ample learning and development opportunities.
• Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents).
• Parental leave and support, up to $20k in fertility services, surrogacy, and adoption reimbursement.
• Legal advisory services, financial planning tools, and more.