Principal Application Security Engineer

Autodesk

4

(10)

Toronto, Canada

Why you should apply for a job to Autodesk:

  • 4/5 in overall job satisfaction
  • 4/5 in supportive management
  • 60% say women are treated fairly and equally to men
  • 75% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Paid parental and maternity leaves, as well as up to $10k per calendar year for adoption, IVF, & other fertility services.
  • Paid discretionary time off for salaried employees plus a 6-week paid sabbatical after every 4 years of service.
  • A flexible workplace for most roles that meets business needs, while supporting employees with office, hybrid & remote work preferences.
  • #25WD91155

    Position summary

    Principal Application Security Engineer to drive strategic direction, develop standards, guidelines, and policies for our application security program. You will lead shift-left security efforts to build security into the software development lifecycle (SDLC). You will drive a standardized set of security requirements and align policies to meet external regulatory requirements. Come practice and grow your security expertise at scale to keep Autodesk one step ahead of our adversaries!

    Responsibilities

    • Define our application security strategies, standards, policies, and roadmaps and champion their implementation

    • Guide product stakeholders and teams to incorporate security into the SDLC

    • Evaluate the threat landscape through architecture reviews, secure code reviews, and threat models

    • Explore new and emerging technologies to identify security solutions to fill gaps or enhance capability and security value

    • Review output from SAST, DAST, and SCA tools and provide feedback on results

    • Establish security metrics and define KPIs for the application security program

    • Assist PSIRT with analysis on vulnerability reports submitted by researchers and root cause analysis

    • Assist in creation of security training and workshops for application teams

    Minimum Qualifications

    • 8+ years of experience in application security including web application experience, desktop application experience, and secure coding practices

    • Familiarity with industry standards and frameworks, such as OWASP Top Ten Project, NIST Cybersecurity Framework, SSDF, SLSA, etc

    • Expertise in threat modeling methodologies and tools

    • Experience with PKI/certificates and cryptography

    • Familiarity with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis tools and methodologies

    • Proficiency with at least one common programming language such as Python, Golang, Java, C/C++, or Javascript

    • Experience with cloud computing technologies, especially AWS (Amazon Web Services) or Azure

    • Experience with Git, Jenkins, Artifactory, or other similar technologies

    • Strong communication skills with the ability to converse with multiple types of audiences

    • Experience collaborating with distributed teams and other partners

    Learn More

    About Autodesk

    Welcome to Autodesk! Amazing things are created every day with our software - from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

    We take great pride in our culture here at Autodesk - it's at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

    When you're an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

    Salary transparency
    Salary is one part of Autodesk's competitive compensation package. Offers are based on the candidate's experience and geographic location. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

    Diversity & Belonging
    We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://https://www.autodesk.com/company/diversity-and-belonging

    Are you an existing contractor or consultant with Autodesk?

    Please search for open jobs and apply internally (not on this external site).

    Why you should apply for a job to Autodesk:

  • 4/5 in overall job satisfaction
  • 4/5 in supportive management
  • 60% say women are treated fairly and equally to men
  • 75% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Paid parental and maternity leaves, as well as up to $10k per calendar year for adoption, IVF, & other fertility services.
  • Paid discretionary time off for salaried employees plus a 6-week paid sabbatical after every 4 years of service.
  • A flexible workplace for most roles that meets business needs, while supporting employees with office, hybrid & remote work preferences.