[Remote] Staff Application Security Engineer
Note: The job is a remote job and is open to candidates in the USA.

ServiceTitan is transforming product security into a core part of how engineering delivers software. They are seeking a Staff Application Security Engineer to define and scale secure software development practices, automate vulnerability detection, and partner with engineering teams to enhance security throughout the development lifecycle.

Responsibilities

Pipeline Automation: Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention
Secure by Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls
Secrets and Supply Chain: Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API
Secure SDLC Practices: Drive cross-functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization
Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services
Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs
Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA
Simulation and Validation: Run proactive simulations based on emerging threats to validate defenses and identify gaps
Security Design Reviews: Lead security design reviews and threat modeling for new and existing services
Secure Architecture: Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack
Emerging Threat Analysis: Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations
Technical Leadership: Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices
Contextual Training: Implement just-in-time training mechanisms that help engineers remediate vulnerabilities as they are introduced
Triage to Automate: Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues
Incident Response: Participate in security incident response and support post-incident analysis and remediation efforts
Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization's security posture

Skills

7-10+ years of experience in Product/Application Security, with a strong background in software engineering
Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them
Experience moving security 'left' using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors
Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually
Interest in the intersection of AI and Security, specifically in securing AI workloads, leveraging AI capabilities to embed security throughout the SDLC, and using AI agents for defense

Benefits

Flextime, recognition, and support for autonomous work
Flexible time off with ample learning and development opportunities to continue growing your career
We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events
Great work is rewarded through Bonusly, peer-nominated awards, and more
Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents)
FSA and HSA
401k match
Telehealth options including memberships to One Medical
Parental leave and support
Up to $20k in fertility services (i.e. IUI and IVF)
Surrogacy and adoption reimbursement
On demand maternity support through Maven Maternity
Free breast milk shipping through Maven Milk
Pet insurance
Legal advisory services
Financial planning tools

Company Overview

ServiceTitan is a software solution that manages operations for businesses in the home service industry, including scheduling and invoicing. It was founded in 2007, and is headquartered in Glendale, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.servicetitan.com.

Company H1B Sponsorship

ServiceTitan has a track record of offering H1B sponsorships, with 13 in 2026, 54 in 2025, 49 in 2024, 45 in 2023, 73 in 2022, 64 in 2021, 29 in 2020. Please note that this does not guarantee sponsorship for this specific role.