CrawlJobs Logo

Filters

Location
Salary

Staff Application Security Engineer Jobs

5 Job Offers

Staff Application Security Engineer
Save Icon
Location Icon
Location
United States
Salary Icon
Salary
150290.60 - 180348.72 USD / Year
sunrun.com Logo
Sunrun
Expiration Date
Until further notice
Staff Application Security Engineer
Save Icon
Lead secure architecture for critical healthtech systems in Sydney. As a Staff Application Security Engineer, you'll design secure patterns, threat model features, and build reusable security components. This hybrid role requires deep expertise in modern application architectures and distributed ...
Location Icon
Location
Australia , Sydney
Salary Icon
Salary
Not provided
heidihealth.com Logo
Heidi
Expiration Date
Until further notice
Staff Application Security Engineer
Save Icon
Location Icon
Location
United States , San Francisco
Salary Icon
Salary
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice
Staff Application Security Engineer
Save Icon
Join Braze as a Staff Application Security Engineer in Austin. Leverage your 10+ years of experience to protect our modern SaaS platform and guide development teams on secure architecture. You will conduct advanced penetration testing, handle complex incident response, and provide expert risk mit...
Location Icon
Location
United States , Austin
Salary Icon
Salary
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice
Staff Application Security Engineer
Save Icon
Location Icon
Location
United States , Chicago
Salary Icon
Salary
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice

About the Staff Application Security Engineer role

Staff Application Security Engineer jobs represent a senior-level career path for cybersecurity professionals who specialize in protecting software applications from threats and vulnerabilities throughout the entire development lifecycle. Unlike entry-level security roles focused on routine monitoring or basic testing, Staff Application Security Engineers are strategic leaders who partner closely with software development, product, and IT teams to embed security into the very fabric of how applications are designed, built, deployed, and maintained.

The core mission of a Staff Application Security Engineer is to shift security left—meaning they identify and mitigate risks as early as possible, ideally during the design and coding phases rather than after deployment. Common responsibilities include conducting comprehensive threat modeling exercises to anticipate potential attack vectors and designing defense-in-depth strategies that address risks across infrastructure, first-party applications, third-party integrations, and identity systems. They champion secure software development life cycle (SSDLC) practices, establishing secure coding standards, performing code reviews, and integrating automated security testing tools such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) into continuous integration and deployment pipelines.

Identity and access management (IAM) is another critical domain within these roles. Staff Application Security Engineers design and implement robust authentication and authorization frameworks, including multi-factor authentication (MFA), single sign-on (SSO), and modern standards like WebAuthn. They often drive the adoption of zero-trust architecture principles, ensuring that every access request is verified and least-privilege policies are enforced. Additionally, they create reusable security libraries, templates, and reference architectures that enable development teams to adopt secure patterns with minimal friction, scaling security impact beyond individual project reviews.

Typical skills and requirements for Staff Application Security Engineer jobs include extensive experience—often seven to ten years or more—in application security, with deep knowledge of common vulnerabilities such as the OWASP Top 10 and secure coding practices. Proficiency in programming languages like Java, Python, JavaScript, or Ruby is essential, as is hands-on experience with cloud environments such as AWS or GCP and their native security controls. Strong familiarity with security testing tools, web application firewalls (WAFs), and incident response procedures is expected.

Equally important are soft skills: critical thinking, creative problem-solving, and the ability to communicate complex technical risks to diverse audiences, from developers to executive stakeholders. Staff Application Security Engineers operate with high autonomy, taking ambiguous security challenges from discovery through to architecture and rollout. They are pragmatic, balancing security rigor with product delivery realities, and they build leverage through standards, shared components, and clear guidance rather than relying solely on one-off manual reviews. Ultimately, these professionals are trusted advisors and technical leaders who build a culture of security awareness and proactive risk management across their organizations.