Senior Application Security Engineer
Indexed description
The ideal candidate will possess strong expertise in application security, secure coding practices, threat modeling, vulnerability management, and DevSecOps. This individual will act as a security advisor to engineering teams and help drive security initiatives across software, firmware, cloud, and AI-enabled development environments.
Base salary range is $100,000 - $150,000 a year. The base salary offer will depend on factors such as education, experience, training, skills, qualifications, and location. This position is also eligible for a discretionary bonus, equity and a full range of medical and other benefits.
Why Credo
- Purpose: We invest in what matters. From meaningful-future shaping projects to competitive compensation, we empower you to grow your career while making a lasting impact.
- People: Connection starts within. We collaborate, celebrate wins, and create an environment where everyone can do their best work.
- Possibilities: Our belief shapes what’s next. Our technology powers the most reliable and energy-efficient connections around the world – and our team powers new products and markets that come next.
- 5+ years in application/product security with hands‑on work in secure design, threat modeling, code review, and vulnerability management.
- Secure SDLC leadership including 3+ years implementing or managing SDLC programs and partnering with engineering teams throughout the lifecycle.
- Strong application security expertise including secure coding principles, architecture reviews, API security, and remediation guidance.
- Technical depth in C, C++, and Python with experience reviewing and securing applications in these languages.
- DevSecOps and automation proficiency including GitHub/GitLab, CI/CD pipelines, SAST/DAST/SCA, container security, and security automation tooling.
- Cross‑functional communication with the ability to mentor developers, influence secure development practices, and support audits or customer assessments.
- Embedded and hardware security experience across semiconductor, networking, ASIC, or similar environments.
- Firmware and ASIC security, including securing embedded software and hardware‑adjacent applications.
- AI‑assisted development security and strong familiarity with secure AI usage patterns.
- Cloud security expertise across AWS, Azure, and GCP.
- Knowledge of security frameworks including STRIDE, NIST SSDF, NIST CSF, CIS Controls, and ISO 27001.
- Relevant certifications such as GWAPT or GIAC GWEB.
- Secure SDLC leadership with a track record of partnering with engineering leadership to improve product security.
- Implementation and continuous improvement of the Secure Software Development Lifecycle (Secure SDLC) program.
- Partner with engineering leadership to embed security requirements into software and firmware development processes.
- Define security standards, secure coding guidelines, and security gates across the development lifecycle.
- Drive adoption of security-by-design principles across products and services.
- Conduct application security reviews, architecture reviews, and threat modeling exercises.
- Perform source code reviews and security assessments of internally developed applications and products.
- Identify, assess, prioritize, and track remediation of application security vulnerabilities.
- Support penetration testing activities and coordinate remediation efforts with development teams.
- Evaluate security risks associated with new technologies, frameworks, and third-party components.
- Implement and manage SAST, DAST, SCA, Secrets Scanning, Container Security, and CI/CD security controls.
- Collaborate with DevOps teams to automate security testing and vulnerability management processes.
Our product portfolio includes ZeroFlap (ZF) Active Electrical Cables (AECs) and ZF optical transceivers, OmniConnect memory solutions, and a suite of retimers and DSPs for optical and copper Ethernet and PCIe, all leveraging the PILOT diagnostic and analytics software platform. Credo innovations enable our customers to connect the systems that connect the world.
Credo is committed to creating an inclusive environment for all employees and welcome applicants from diverse backgrounds without regard to race, color, religion, gender, sex, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email [email protected].
Salary
100000 - 150000 USD (yearly)
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search