Sr Application Security Engineer
Indexed description
This Sr. Level role is to help development teams build and run software more securely without slowing them down. This role is part of the application security team and works across application development, DevOps, and cyber security to help teams work through vulnerabilities, improve day-to-day security practices, and make better decisions about where to focus on the cyber risk areas. It is also a senior role on the team, so there is an expectation to mentor others, provide practical guidance, and step in when leadership support is needed.
The value of the role is that it helps turn security from something teams react to into something that is built into how they work. For the team, that means clearer direction, stronger technical support, and better follow-through on the issues that matter most. For the business, it means reducing avoidable risk, improving consistency across application security work, and giving leadership confidence that security issues are being managed in a practical and accountable way.
The Role
The Senior Application Security Engineer is a senior technical role responsible for advancing security across the software development lifecycle (SDLC). Working closely with application development, DevOps, cyber security, and IT teams, this position leads the identification, assessment, prioritization, and remediation of vulnerabilities across code, infrastructure, and applications, while providing technical direction on secure development practices, automation, and risk reduction.
This role serves as a trusted technical leader and escalation point for application and vulnerability management matters, partnering across teams to drive remediation, influence technical decisions, and support consistent execution across multiple initiatives. The successful candidate will bring strong technical depth, sound judgment, and a strong application development background, along with the ability to provide leadership continuity and decision support when the manager is out of office.
What You'll Do
- Build strong relationships across application development, DevOps, cyber security, and IT teams to influence secure development outcomes and provide expert technical guidance
- Lead vulnerability management activities, including prioritization, risk evaluation, progress tracking, and stakeholder communication
- Monitor emerging business, technology, and cyber security trends and translate insights into practical improvements for development teams
- Partner with engineering and DevOps teams to evaluate, implement, and optimize vulnerability management capabilities across people, process, and technology
- Own and enhance key components of vulnerability management and application security solutions in complex enterprise environments
- Conduct and oversee targeted vulnerability assessments to identify control gaps and evaluate the effectiveness of existing safeguards
- Apply security and risk frameworks such as ISO 27001-2, PCI DSS, NIST CSF 20, ITIL, COBIT, CVSSv4, OWASP, and MITRE ATT&CK to guide technical decisions and remediation priorities
- Provide hands-on expertise with vulnerability management and prioritization platforms, driving adoption of risk-based remediation practices
- Perform root cause analysis on vulnerabilities and work with development and platform teams to determine practical, effective solutions
- Assess exploitability and business impact in organizational context and recommend remediation strategies that balance risk reduction with operational needs
- Bring broad cyber security expertise spanning vulnerability management, privacy, incident response, governance, risk and compliance, enterprise security strategy, and security architecture
- Lead and coordinate cyber security initiatives by shaping plans, driving execution, and communicating status to technical stakeholders and leadership
- Mentor other team members by sharing technical guidance, supporting development, and helping build consistency across the team’s application security work
- Bachelor’s degree in Computer Science, Information Systems, Engineering, Business, or a related field is preferred
- Strong understanding of the vulnerability management lifecycle, governance, and risk-based prioritization in enterprise environments
- Deep familiarity with application security and risk frameworks, including ISO 27001-2, ISO 31000, PCI DSS, OWASP ASVS, NIST frameworks, ITIL, COBIT, CVSSv4, and MITRE ATT&CK
- Hands-on experience with vulnerability management tools such as Qualys, Tenable, Snyk, and TruffleHog Pro
- Experience working in Agile development environments
- Strong understanding of operating systems (Windows, Unix, and MacOS), cloud concepts (including secure build images, ephemeral workloads, and cloud patching), and networking fundamentals
- Strong application development background, with broad understanding of full-stack application development and mobile development across iOS and Android
- Experience developing metrics, dashboards, and risk reporting for technical teams and leadership
- Experience with API security scanning and application security testing approaches
- Ability to communicate complex technical issues clearly and succinctly to engineers, senior leaders, and business stakeholders
- Broad knowledge of cyber security practices including secure configuration management, data protection and privacy, security monitoring, incident response, governance, risk and compliance, patch management, and enterprise security architecture
- Strong written and verbal communication skills with the ability to influence senior management, technical subject matter experts, and cross-functional stakeholders
- Demonstrated ability to examine issues strategically and analytically, balancing technical depth with practical business outcomes
- Advanced understanding of the use of AI in application development
- Experience working in cloud and container environments
- Penetration testing and application security experience
- Automation and scripting experience, such as Python or Bash
- Deep experience in enterprise application development
This job will remain posted until filled. In accordance with Nutrien policies, you will be required to undergo a background check, and may be required to undergo a substance test. While we appreciate all applications we receive, only candidates under consideration will be contacted. Applicants must meet minimum age requirements, as permitted by law.
Our Recruitment Process: Application > Resume Review > Pre-screen/Interview > Offer > Pre-Employment Conditions > Welcome to Nutrien
To stay connected to us and for the latest job postings and news, follow us on: LinkedIn, Facebook, and Instagram.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search