Application Security Engineer

Job Requisition ID #

26WD95371

Position Overview

Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We are embedding security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer's data and their investment in our products by strengthening our applications, underlying services and network.

As part of this team, you will help strengthen Autodesk's products by embedding security directly into the software development lifecycle. You will partner with product and engineering teams to perform secure code reviews, integrate and optimize SAST tooling, and enable developers to identify and remediate vulnerabilities early within their development environments. You will help standardize secure coding practices, drive consistent application security controls across the development process, and ensure solutions align with Autodesk's security and regulatory requirements. Come grow your application security expertise at scale while empowering teams to build secure software and stay ahead of emerging threats!

• Perform in-depth secure code reviews across multiple languages and frameworks, identifying vulnerabilities and providing actionable remediation guidance to engineering teams

• Analyse and triage results from Static Application Security Testing (SAST) tools, tuning rules and reducing false positives to improve signal quality

• Partner with development teams to integrate security into the Software Development Lifecycle (SDLC), embedding secure coding practices from design through deployment

• Provide hands-on guidance to engineers within their development environments (IDEs), helping them remediate findings and adopt secure coding practices early in the development process

• Collaborate with product and platform teams to integrate SAST and secure coding checks into CI/CD pipelines and developer workflows

• Develop and maintain secure coding standards, guidelines, and best practices aligned with industry frameworks (e.g., OWASP Top 10)

• Support threat modeling and design reviews by identifying security risks in application architecture and code-level implementations

• Drive shift-left security initiatives by enabling developers with tooling, automation, and training to identify and fix vulnerabilities early

• Contribute to developer education through training sessions, documentation, and hands-on workshops focused on secure coding and vulnerability remediation

• Track and report on security findings, trends, and remediation progress to improve overall application security posture

• Hands-on experience performing secure code reviews and identifying common application vulnerabilities (e.g., OWASP Top 10)

• Practical experience with Static Application Security Testing (SAST) tools (e.g., Checkmarx, Fortify, CodeQL, Semgrep, etc.), including triage and tuning

• Strong understanding of secure coding principles and how vulnerabilities manifest in real-world codebases

• Experience working within modern development environments and IDEs (e.g., VS Code, IntelliJ, Eclipse) and integrating security into developer workflows

• Familiarity with the Software Development Lifecycle (SDLC) and experience embedding security controls into CI/CD pipelines

• Ability to read and understand code in one or more common programming languages (e.g., Java, Python, JavaScript, C/C++, Go)

• Experience collaborating directly with developers to remediate vulnerabilities and improve code quality

• Strong analytical and problem-solving skills with the ability to prioritize and manage multiple findings

• Excellent communication skills, with the ability to explain security issues and remediation steps clearly to engineering teams

• Demonstrated ownership, curiosity, and ability to work cross-functionally with engineering, product, and security stakeholders

• Bachelor's in computer science, Information Security, or equivalent professional experience

• Experience with multiple SAST tools and ecosystems, including customization of rules, policy tuning, and integration into developer workflows

• Experience building or scaling shift-left security programs, including developer enablement and self-service security tooling

• Experience developing secure coding guidelines, playbooks, and training materials for engineering teams
• Strong communication skills and the ability to explain security concepts to non-security audiences
  
  #LI-PJ1