Application Security Engineer

Roles & Responsibilities

  • Background in Application Security or Vulnerability Management with the ability to translate complex risks into actionable guidance for engineers.
  • Experience with modern cloud architectures and securing pipelines, containers, and web applications (OWASP Top 10).
  • Strong automation and scripting skills (Python, Bash, PowerShell) to streamline security tasks.
  • Experience with open-source risk management tools (Black Duck/SCA) and ensuring license compliance.

Requirements:

  • Drive the full vulnerability management lifecycle from discovery and risk prioritization to coordinating remediation with engineering teams.
  • Lead dynamic testing efforts, including automated DAST scans, targeted penetration tests, and triage of Bug Bounty submissions.
  • Partner with DevOps/CloudOps to secure infrastructure-as-code (IaC) and container deployments, embedding security by design.
  • Develop automation scripts to automate workflows and data correlation between security toolsets, and act as a security SME guiding remediation of code vulnerabilities, secret management, and open-source dependencies.

Job description

Job Title:

Application Security Engineer

About Trellix  
Trellix is a global company redefining the future of cybersecurity. The company’s comprehensive, open, and native cybersecurity platform helps organizations confronted by today’s most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through artificial intelligence, automation, and analytics to empower over 50,000 business and government customers with responsibly architected security. More at https://trellix.com.

Role Overview:

As a key member of the Information Security team, reporting to the Manager of Application Security, you will own the vulnerability management lifecycle and champion secure engineering. Your primary goal is to bridge the gap between security findings and development solutions. In this role, you will protect our multi-cloud and on-premise environments by partnering with DevOps to turn risk insights into automated defense and rapid remediation.

About the role:

  • Lifecycle Management: You will drive the full vulnerability process from discovery and risk prioritization to coordinating remediation with engineering teams.

  • Offensive Security: You will lead dynamic testing efforts, including automated DAST scans, targeted penetration tests, and the triage of Bug Bounty submissions.

  • Cloud Integration: You will partner with DevOps to secure infrastructure-as-code (IaC) and container deployments, ensuring security is embedded by design.

  • Automation: You will write scripts (Python/Bash) to automate workflows, correlate security data, and eliminate manual ticketing toil.

  • Advisory: You will act as a technical Subject Matter Expert (SME), guiding developers on how to fix code vulnerabilities, manage secrets, and secure open-source dependencies.
     

About you:

  • You are a collaborative problem-solver who views security as an enabler, building strong relationships with development and infrastructure teams.

  • You have a background in Application Security or Vulnerability Management and can translate complex risks into clear, actionable guidance for engineers.

  • You are comfortable working with modern cloud architectures and understand how to secure pipelines, containers, and web applications (OWASP Top 10).

  • You have a passion for automation and bring the scripting skills necessary to streamline repetitive security tasks.

  • Utilize Black Duck/SCA tools to monitor open-source risks, ensuring third-party libraries are secure and license-compliant.

  • Act as an engineering SME, providing actionable guidance to remediate vulnerabilities discovered via SDL scans (e.g., SAST, DAST, manual audits).

  • Partner with DevOps/CloudOps to embed security into cloud-native environments, ensuring IaC (Terraform/CloudFormation) and containerized deployments remain resilient.

  • Develop scripts (Python, Bash, or PowerShell) to automate repetitive tasks, including data correlation between security toolsets and auto-ticketing.

  • Oversee the secure implementation of secrets management solutions to eliminate hardcoded credentials.

Company Benefits and Perks:

We believe that the best solutions are developed by teams who embrace each other's unique experiences, skills, and abilities. We work hard to create a dynamic workforce where we encourage everyone to bring their authentic selves to work every day. We offer a variety of social programs, flexible work hours and family-friendly benefits to all of our employees.

  • Retirement Plans

  • Medical, Dental and Vision Coverage

  • Paid Time Off

  • Paid Parental Leave

  • Support for Community Involvement

We're serious about our commitment to a workplace where everyone can thrive and contribute to our industry-leading products and customer support, which is why we prohibit discrimination and harassment based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Our Commitment to You:

At Trellix, we are committed to creating a safe and trustworthy experience for our customers, employees, and candidates. Please be aware that fraudulent recruiting activity can occur through fake job postings or impersonated communications.

Trellix conducts interviews through professional channels only and does not use text messages, instant messaging, or group chats for interviews. We will never request sensitive personal information—such as your date of birth, Social Security number, or national ID number—during the interview process.

Trellix also does not require candidates to pay fees, purchase products or services, or process payments of any kind as part of the recruiting or hiring process. And Trellix will never keep any original work authorization documents that we may be required to review during the hiring process.
