Staff Application Security Engineer

Staff Application Security Engineer at Culture Amp Overview Culture Amp is a world‑leading employee experience platform that empowers companies to create a better world of work. As a Staff Application Security Engineer, you will be the technical authority for application security across our global SaaS platform, driving strategy, reviews, automation, and mentorship to protect millions of users and enable secure, reliable product delivery. Responsibilities Lead complex, high‑impact application security reviews, threat modeling, and risk assessments across the product portfolio. Embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps). Develop and scale security automation, tools, and centralized libraries to enable developers to build secure applications efficiently. Proactively identify, assess, and address security risks and vulnerabilities in the SaaS environment, including cloud‑native and microservices architectures. Own and evolve vulnerability management programs, ensuring timely triage, remediation, and communication of security issues. Mentor and support engineers across the organization, fostering a culture of security awareness and continuous learning. Influence cross‑functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP). Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp. Represent Culture Amp’s security expertise internally and externally, supporting customer security reviews and contributing to the broader security community. Qualifications Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud‑native environments. Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2). Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g., AWS). Strong knowledge of security automation, CI/CD integration, and DevSecOps practices. Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity. Demonstrated ability to lead and influence cross‑functional teams, drive change, and deliver results in ambiguous or complex environments. Excellent communication skills, with the ability to explain complex security concepts to technical and non‑technical audiences. Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement. Familiarity with security‑related compliance requirements and standards relevant to SaaS businesses. Benefits Employee Share Options Program and competitive compensation package. Coaching, programs, and budgets to support personal and professional growth. Monthly Camper Life Allowance and team‑budget–dedicated connection activities. Quarterly wellbeing pauses, extended year‑end breaks, and 5 Social Impact Days a year. MacBooks and a work‑from‑home office budget to set up a home office. Medical insurance coverage for you and your family (US & UK only). Robust parental leave, anti‑racism commitment, and inclusive employee resource groups. Location Melbourne, Victoria, Australia (primarily remote‑first with flexibility across the region) Seniority Level Mid‑Senior level Employment Type Full‑time Job Function Information Technology – Software Development Diversity & Inclusion We strongly encourage you to apply if you’re interested: we value your unique experience and your potential to amplify our team. Accommodations If you require reasonable accommodations for a disability, please contact . We will respond promptly to your request. Privacy & Retention Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of application completion. For further information, see our privacy policy or contact . #J-18808-Ljbffr