safetyculture-2
Country
Australia
Senior · Hybrid · Full-time

Senior Application Security Engineer

AI assessment

An excellent vacancy at a fast-growing company with a strong engineering culture, equity options and a modern stack. A high level of responsibility and the opportunity to genuinely influence the product.


A vacancy from Quick Offer Global, a list of international companies

Job difficulty

AI assessment

The role requires deep knowledge of application security (AppSec) and strong development skills (especially in Go). The 'Staff' level implies not only technical expertise but also the ability to influence architectural decisions across the whole organisation.

Salary analysis

Median: 145 000 $
Market: 120 000 $ – 170 000 $
AI assessment

Salaries for Senior/Staff AppSec roles in Sydney are usually in the range of 180k-230k AUD. SafetyCulture's offer is probably in the upper part of the market, given the equity and the 'Best Place to Work' status.

Cover letter

I am writing to express my strong interest in the Senior Application Security Engineer position at SafetyCulture. With a solid background in software engineering and extensive experience in securing cloud-native SaaS platforms, I am drawn to your mission of building tools that empower the global workforce. My expertise in Go and AWS, combined with a proactive approach to threat modeling and secure SDLC, aligns perfectly with your goal of making the secure path the easiest path for developers.

In my previous roles, I have successfully led cross-team initiatives to integrate SAST/DAST tools and strengthen authentication patterns without compromising engineering velocity. I admire SafetyCulture’s commitment to a 'yes, let’s give it a shot' culture and the lack of corporate theater. I am eager to bring my skills in architectural review and supply-chain security to help scale your platform’s security posture as you continue your impressive growth and focus on AI-driven innovation.


Join SafetyCulture and build a safe future for millions of workers around the world!

Job description

Why join us?

We’re a global tech company, just not the kind you’re picturing.

Sure, we’ve got catered lunches, team events, cool merch, and yes... dogs in the office. But that’s not why people join.

Our team of nearly a thousand people wakes up every day to make our product and our customers’ lives better. At SafetyCulture, you’ll hear “yes, let’s give it a shot” more often than “that’s not how we do things here.”

People join because we’re building tools that make work better for the 3 billion people who keep the world moving - factory floor operators, baggage handlers, truck drivers, servers, store assistants. The ones who make things happen. We’ve got the scale and innovation you’d expect from big tech. The difference? No endless layers of sign-off. No corporate theatre. Just smart, experienced people solving real problems fast.

The scale is big. But the ownership’s personal. Every full-time team member gets equity - real skin in the game. When we grow, you do too. We’re not perfect, no company is. But this next chapter of our growth is about scaling with intelligence, not just size - fueled by operational maturity, a clear vision, and a strong focus on AI.

This is big tech impact, without the big tech ick. If that excites you more than it scares you, you’ll fit right in.

About the Role

At SafetyCulture, we build products that help millions of people work safer and smarter every day. As a Staff Application Security Engineer, you’ll ensure our platform is secure by design and secure by default.

You’ll embed security into how we build, partnering with product and engineering teams to shape secure architectures, APIs, and development practices across our cloud-native SaaS platform running on AWS.

You’ll help us scale security while maintaining high engineering velocity.

At Staff level, you will lead cross-team security initiatives such as secure-by-default patterns, major authentication migrations, and large-scale dependency risk reduction. You’ll influence architectural decisions across multiple product teams and mentor engineers across the organisation, uplifting secure coding and design practices at scale.

About You

You’re a hands-on security engineer with strong software engineering fundamentals. You understand how modern SaaS platforms are built (microservices, distributed systems, CI/CD) and you know how to make them secure in practical, scalable ways.

You’re comfortable reviewing production code (we primarily use Go), leading threat modelling discussions, and guiding teams on secure patterns. You communicate clearly, think in terms of risk and impact, and enjoy working closely with engineers to make the secure path the easiest path.

How you will spend your time:

  • Design secure architectures and APIs in partnership with product teams.
  • Lead threat modelling and secure design reviews for new features and services
  • Embed secure SDLC practices (SAST, DAST, dependency scanning, CI/CD security controls)
  • Strengthen authentication, authorisation, and access control patterns
  • Improve supply-chain security and vulnerable dependency remediation
  • Review penetration tests and drive effective remediation
  • Provide pragmatic, risk‑based guidance to teams and stakeholders, balancing security, usability and delivery speed. (ISO 27001, SOC 2)

Skills you bring:

  • Experience in application or product security for internet-facing SaaS platforms, ideally cloud-native.
  • Strong software engineering background — able to read, reason about, and review production code (Go experience is beneficial but not required).
  • Hands-on experience integrating security into CI/CD pipelines and modern development practices (SAST/DAST, dependency scanning, container scanning, security gates).
  • Applied knowledge of web and API vulnerabilities (OWASP Top 10 and beyond) and practical mitigation strategies.
  • Ability to communicate security concepts clearly and collaborate effectively with product and engineering teams.

At SafetyCulture, we care about people and growing the team, through:

  • Equity with high growth potential, and a competitive salary,
  • Flexible working arrangements, we encourage you to create the best work blend while working from your home and the local SafetyCulture office;
  • Access to professional and personal training and development opportunities; Hackathons, Workshops, Lunch & Learns;
  • We encourage involvement in the community, open source work, attending talks and events, and experimenting with new technologies.

You’ll Also Receive Other Perks Such As

  • In-house Culinary Crew serving up daily breakfast, lunch and snacks
  • Wellbeing initiatives such as subsidised fitness programs, EAP services and generous parental leave policy
  • Quarterly celebrations and team events, including the annual ShipIt! global offsite
  • Table tennis, board games, gym sessions, book club, and pet-friendly offices.

We’re committed to building inclusive teams and cultivating a sense of belonging so our people can bring their whole authentic selves to work each day. We seek to make reasonable adjustments throughout our recruitment process to create an even playing field for all candidates. Thanks to the tireless efforts of the entire SafetyCulture team we’ve built an incredible culture which has seen us recognised as a Best Place to Work in Australia, the US and the UK.

Even if you don't meet every requirement listed in the ad, please consider applying for this role. We prioritise inclusion and value individuals with potential over a checklist of qualifications. Don't rule yourself out, hit that apply button if this job resonates with you.

You can find out more about life at SafetyCulture via YouTube, Twitter, Instagram and LinkedIn.

To all recruitment agencies, we do not accept resumes or partnership opportunities. Please do not forward resumes to SafetyCulture or any of our employees. We are not responsible for any fees associated with unsolicited resumes.


Skills

  • AWS
  • Threat Modeling
  • SaaS
  • SOC 2
  • ISO 27001
  • Kubernetes
  • CI/CD
  • Microservices
  • Docker
  • Go
  • SAST
  • DAST
  • OWASP Top 10

Possible interview questions

Checking practical experience of embedding security into the development process without slowing teams down.

How do you approach introducing SAST/DAST tools into CI/CD pipelines so as to minimise false positives and avoid blocking developers' work?

Assessing architectural thinking and cloud technology skills.

Describe your process for conducting threat modeling for a new microservice in an AWS environment. Which key risks would you highlight first?

Checking the ability to work with code and find logic-level vulnerabilities.

Tell us about the most complex vulnerability you have found during a code review. How did you help the team fix it and prevent similar errors from appearing in the future?

Assessing leadership qualities and the ability to negotiate.

How do you convince a product team to prioritise a security fix when they have tight deadlines for releasing new features?

Checking knowledge of supply-chain security.

What strategies do you use to manage the risks associated with third-party dependencies and vulnerabilities in open-source libraries?
