Application Security Engineer Prin

Location: United States

Dayforce is a global human capital management (HCM) company headquartered in Toronto, Ontario, and Minneapolis, Minnesota, with operations across North America, Europe, Middle East, Africa (EMEA), and the Asia Pacific Japan (APJ) region. 

Our award-winning Cloud HCM platform offers a unified solution database and continuous calculation engine, driving efficiency, productivity and compliance for the global workforce.

Our brand promise - Makes Work Life Better™ - Reflects our commitment to employees, customers, partners and communities globally. 

About the opportunity

As an Application Security Engineer, you’ll play a critical role in helping our engineering teams design and build secure, resilient applications. You’ll lead hands-on product security assessments, collaborate on secure architecture and threat modeling, and influence engineering practices to raise the bar for software security across our organization.

What you'll get to do

Lead product security reviews: Drive security assessments across applications and services - including web applications, APIs, and microservices -through code reviews, threat modeling, and dynamic/static analysis. 

Influence architecture and design: Serve as a security thought partner for product architects and engineers. You'll guide threat modeling efforts, assess technical risk, and champion security best practices throughout the SDLC.

Drive strategic initiatives: Own high-impact security projects that shape the future of our product security posture. Past initiatives have included supply chain security automation, advanced SAST/DAST integrations, and secure development training programs.

Identify and support remediation of vulnerabilities: Leverage available tools (e.g., static/dynamic analysis, scanning platforms, and internal reports) to investigate security issues, assess root causes, and design effective remediation strategies. Partner closely with engineering teams to provide guidance and support throughout the implementation of fixes, ensuring they align with security best practices.

Enable engineering teams: Scale security through enablement: Build frameworks, guidance, and tooling that empower engineering teams to independently build secure systems. Act as a mentor and subject matter expert across teams.

Skills and experiences we value 

• Hands-on experience in application or product security, with a strong foundation in software engineering and secure system design
• Strong technical depth, with experience in at least one modern programming language (e.g. C#, Java, Python)
• Strong understanding of API security principles, including authentication and authorization models (OAuth2, OIDC), token-based security, and common API vulnerabilities
• Familiarity with secure CI/CD practices and software supply chain security
• Cloud security expertise, particularly in Azure and/or AWS, including familiarity with IAM, containerization, networking, and native security controls
• Experience defining or scaling application security programs, practices, or tooling in a cloud-native environment
• Proven ability to analyze complex systems and codebases, especially within distributed, microservices-based environments
• Excellent communication skills, with the ability to clearly articulate risk and security trade-offs to technical and non-technical stakeholders
• Experience with static and dynamic analysis tools, Atlassian suite and pentesting tools (Burp, sqlmap)
• Ability to perform black-box and grey-box testing of web applications and APIs 

What would make you really stand out

• Prior experience in a SaaS or cloud-native environment
• Contributions to open-source security tools or research
• CISSP, CEH/OSCP certifications