Staff Application Security Engineer

Join to apply for the Staff Application Security Engineer role at Culture Amp Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high-performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day. As a Staff Application Security Engineer at Culture Amp, you will play a pivotal role in shaping and elevating our application security posture across our global SaaS platform. You’ll be the technical authority for application security, partnering closely with engineering, product, and security teams to embed security best practices throughout the software development lifecycle. Your work will directly protect the data and trust of millions of users, enabling Culture Amp to deliver innovative, secure, and reliable employee experience solutions at scale. You will drive the strategy and execution of application security initiatives, lead complex security reviews and threat modeling, and scale security through automation and developer enablement. As a senior technical leader, you’ll mentor engineers, influence cross-functional teams, and champion a culture of security awareness and continuous improvement. Your expertise will help us stay ahead of emerging threats, meet compliance requirements, and ensure that security is a core part of our product DNA. Responsibilities Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members. Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps). Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale. Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures. Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues. Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning. Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP). Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp. Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community. Qualifications Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments. Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2). Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS). Strong knowledge of security automation, CI/CD integration, and DevSecOps practices. Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity. Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments. Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences. Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement. Familiarity with security-related compliance requirements and standards relevant to SaaS businesses. You are A technical leader and trusted advisor, able to set direction and inspire others to raise the bar on security. Proactive, curious, and passionate about solving complex security challenges at scale. Collaborative and inclusive, thriving in cross-functional teams and valuing diverse perspectives. Committed to continuous learning, staying ahead of emerging threats and technologies. Driven by Culture Amp’s mission to create a better world of work, and excited to amplify our impact through secure, innovative technology. Benefits Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success. Programs, coaching, and budgets to help you thrive personally and professionally. Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people. Monthly Camper Life Allowance: An automatic allowance paid out each month with your pay - you can spend it however you like to help improve your experience and life outside work. Team budgets dedicated to team building activities and connection. Intentional quarterly wellbeing pauses: A quarterly company-wide shutdown day in each region to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time. Extended year-end breaks: An extended refresh period at the end of year. Excellent parental leave and in work support program available from day 1 of joining Culture Amp. 5 Social Impact Days a year to make a positive impact on the community outside of work. MacBooks for you to do your best & a work from home office budget to spend on setting up your home office. Medical insurance coverage for you and your family (Available for US & UK only). We have a strong commitment to diversity, equity, and inclusion, with Employee Resource Groups and ally communities in place. We are committed to anti-racism and lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti‑Racism here. We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding roles in Germany). These questions are completely optional, but your participation truly helps. By sharing this anonymous information, you support our efforts to build a more inclusive and equitable hiring process—and help us hold ourselves accountable to that commitment. Your responses are entirely confidential and will not impact hiring decisions. #J-18808-Ljbffr