Application Security Engineer

Hybrid work

Udemy is headquartered in San Francisco with global offices in Australia, India, Ireland, Türkiye, and other US locations. Our robust hybrid work model spans San Francisco, Denver, Ankara, Dublin, Mexico City and Melbourne. 

This hybrid position requires two days per week in the office at the nearest hub. 

__________________________________________________________________________________________________

About You 

You’re an analytical problem-solver ready to put your skills toward purposeful work that has a global impact. You want to lead the way in innovation, exploring the latest technologies and finding new solutions. You thrive in a collaborative environment and are eager to work with and learn alongside the best in Product, Design, and Engineering.

About this role 

As an Application Security Engineer, you will be pivotal in ensuring that security is woven into the fabric of our software development processes. You will collaborate closely with development teams to implement "developer-first" and "shift-left" approaches to security, enabling teams to build secure applications from the ground up. Leveraging your deep understanding of application security frameworks and principles, you will help instill a security-first mindset across the organization.

What you'll be doing

Key Responsibilities:

• Security Integration: Collaborate with development teams to integrate security practices into all phases of the software development lifecycle (SDLC) using "shift-left" principles.
• Developer Enablement: Advocate for and implement "developer-first" security tools and processes that empower developers to write secure code without sacrificing agility.
• Framework Expertise: Utilize your expertise in key application security frameworks (e.g., OWASP Top 10, SANS Top 25) to assess and enhance the security of our applications.
• Code Reviews: Conduct security-focused code reviews and provide actionable feedback to developers.
• Security Champions Program: Lead and expand our Security Champions program by identifying and mentoring developers across the organization to be security advocates.
• Vulnerability Management: Work with teams to identify, prioritize, and remediate security vulnerabilities in applications.
• Threat Modeling: Collaborate with teams to perform threat modeling, identifying potential security risks early in the development process.
• Red Teaming: Work in a proactive and non-destructive manner to continually test internal services for vulnerabilities and weaknesses.  Consult with the corresponding product owners and engineering teams to prioritize and correct any issues identified.
• Continuous Improvement: Stay updated on the latest security trends and continuously improve our security practices, tools, and frameworks.
• Training & Awareness: Develop and deliver training sessions to improve the security knowledge and skills of our development teams.

What you’ll have

• Experience: 3+ years of experience in application security with a background in software development.
• Technical Skills: Proficiency in at least one programming language (e.g., Java, Python, JavaScript, etc.) and familiarity with CI/CD pipelines and tools.
• Framework Knowledge: Deep understanding of application security frameworks and standards (OWASP Top 10, SANS Top 25, NIST, etc.).
• Developer Tools: Experience with developer-centric security tools (e.g., SAST, DAST, SCA, etc.).
• Security Principles: Strong grasp of secure coding practices, threat modeling, and vulnerability management.
• Collaboration: Excellent communication skills and the ability to work effectively with cross-functional teams.
• Mindset: A proactive, "security-as-code" mindset, with a focus on embedding security into every stage of the development process.

Preferred Qualifications:

• Experience in cloud security and understanding of cloud-native applications.
• Knowledge of container security and microservices architecture.
• Certifications such as CISSP, CEH, or equivalent.

We understand that not everyone will match each of the above qualifications. However, we also realize that everyone has unique experiences that can add value to our company. Even if you think your background might not perfectly align, we'd love to hear from you!

Life at Udemy

We aspire to be as vibrant and dynamic as the communities we serve, as inquisitive as those who use our platform, and as revolutionary as the future we strive to open for everyone. Here are some of the things we love about life at Udemy:

•  We’re invested in creating an inclusive environment that welcomes a diverse range of backgrounds and experiences. From creating employee resource groups, ensuring we’re a Fair Pay Workplace, and building a flexible work culture, our belonging, equity, diversity, and inclusion (BEDI) initiatives always put our people first. We want you to be able to bring your authentic self to work because when we all do, we’re better for it.
  
  
• Learning is what we do – inside and out. Our Learning & Development team is second to none, helping ensure your journey is one of continuous progression. You’ll also have unlimited access to Udemy courses, monthly UDays (meeting-free professional development days), and a generous annual professional development stipend.
  
  
• Our reason to exist is to revolutionize learning – that calls for taking risks and learning from failures. Whether it’s our hackathons (a company-wide effort to envision new possibilities for our product) or sharing our prototypes, we see experimentation as a crucial step on the path to success.
  
  
• We’re committed to creating world-class employee experiences and are proud of the recognition of this by Great Place to Work. 

Of course, the best thing about being part of Udemy is knowing your work makes a difference for people and organizations around the world. You’ve got the skills; why not use them to help others develop theirs?

At Udemy, we value diversity and inclusion and consider qualified applicants without regard to race, color, religion, sex, national origin, ancestry, age, genetic information, sexual orientation, gender identity, marital or family status, veteran status, medical condition, or disability. We will consider for employment qualified applicants with arrest and conviction records.

Why Udemy?

• Innovation-Driven: Be part of a team that values innovation and encourages creative security solutions.
• Impactful Role: Directly influence the security posture of our products and services.
• Growth Opportunities: Opportunities for professional development and career advancement.
• Inclusive Culture: Work in an inclusive environment that promotes diversity and values each team member’s unique contributions.

Udemy Mexico Benefits

Our benefits are designed to support you and your family with the protection and care you need, ensuring easy access to the right coverage when it matters most. Here’s a snapshot of the key benefits for full-time Udemates based in Mexico:

Core Benefits:

• Medical, Dental, and Vision Coverage: Includes maternity, private hospital, dental, and vision benefits for employees and eligible dependents.
• Life Insurance: 12x monthly base salary, with a Free Cover Limit of MXN 7.5 million.

Financial Benefits:

• Grocery Vouchers: Monthly vouchers valued at $2,200 MXN.
• Teleworking Allowance: $800 MXN monthly.
• Savings Fund: Both you and Udemy contribute 13% of your monthly salary, capped to 1.3 times the UMA value.
• Christmas Bonus: Equivalent to 30 days of your current salary.
• Vacation Bonus: 25% premium on your vacation days.

Time Off Benefits:

• Holidays: Udemy observes 12 public holidays in Mexico.
• Annual Leave: 12 days of annual leave per year.
• Sick Leave: 10 days of paid sick leave per year.
• Family Bonding: 12 weeks of maternity leave or partner leave for bonding after the birth or adoption of a child.
• Bereavement Leave: Up to 20 working days for the loss of a loved one.

Wellbeing Benefits:

• Maven (Reproductive Health): Unlimited virtual appointments and $25,000 lifetime benefit for fertility, adoption, and surrogacy.
• Modern Health (Therapy and Coaching): 10 sessions with therapists and 10 sessions with coaches per year.
• Origin (Financial Planning): Free access to Certified Financial Planners for you and your spouse.
• Workplace Options (EAP): 24/7 support for family, stress, caregiving, financial, and legal issues.

Additional Perks:

• Udemy Courses: Free and unlimited access to Udemy’s Marketplace and Udemy Business.
• Home Office Reimbursement: $500 one-time reimbursement and $35 monthly for work-from-home needs.