Ready to be a Titan?
At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an exceptional Staff Application Security Engineer to help us build a "Secure Paved Road"—an automated, self-service ecosystem that enables our 80+ R&D squads to build securely by default.
This role will define and scale how secure software is built at ServiceTitan by embedding security directly into the development lifecycle, from code to production. It will reduce organizational risk by automating detection and remediation of vulnerabilities, standardizing secure architecture patterns, and eliminating entire classes of security issues at their source. By partnering closely with engineering, this role will drive a shift toward secure by default development while continuously validating defenses through testing, threat modeling, and proactive simulation.
What you’ll do:
Build the Secure Paved Road (Pipeline and Code)
- **Pipeline Automation: **Deeply integrate GitHub Advanced Security into the CI/CD pipeline to act as automated checkpoints, providing fast feedback to engineers without manual intervention.
- **Secure by Default Code: **Collaborate with Engineering to develop and maintain secure microservice templates and libraries with embedded security controls.
- **Secrets and Supply Chain: **Lead hardcoded secrets mitigation efforts by automating detection and building workflows to validate compromised credentials via API.
- Secure SDLC Practices: Drive cross functional initiatives to establish and continuously improve secure software development lifecycle practices across the organization.
Continuous Security Testing and Validation
- Penetration Testing: Lead onboarding and operation of continuous penetration testing capabilities across web applications and services.
- Security Assessments: Participate in and help scale internal security assessments, penetration testing, and bug bounty programs.
- Tooling Ownership: Evaluate, prototype, implement, and operate security tools including DAST, SAST, and SCA.
- **Simulation and Validation: **Run proactive simulations based on emerging threats to validate defenses and identify gaps.
Architecture and Threat Modeling
- **Security Design Reviews: **Lead security design reviews and threat modeling for new and existing services.
- **Secure Architecture: **Develop and maintain secure architecture standards, frameworks, and reusable patterns across multiple layers of the stack.
- **Emerging Threat Analysis: **Continuously analyze evolving security threats, determine relevance, and implement centralized mitigations.
Operational Support and Engineering Partnership
- **Technical Leadership: **Act as the AppSec technical expert for the Security Champions Program, guiding engineers on vulnerability remediation and secure coding practices.
- **Contextual Training: **Implement just in time training mechanisms that help engineers remediate vulnerabilities as they are introduced.
- Triage to Automate: Own initial triage of vulnerability findings, identify patterns, and drive automation and guardrails to reduce recurring issues.
- Incident Response: Participate in security incident response and support post incident analysis and remediation efforts.
Continuous Improvement and Expertise
Maintain strong knowledge of current security threats, vulnerabilities, and operational best practices, applying that knowledge to continuously improve the organization’s security posture.
What you’ll bring:
- Experience: 7-10+ years of experience in Product/Application Security, with a strong background in software engineering.
- Coding Expertise: Proficiency in C#/.NET (preferred) or Go/Java. You must be able to read code to find vulnerabilities and write code to fix them.
- Modern AppSec: Experience moving security "left" using tools like GitHub Advanced Security (GHAS), dependency scanners, and secret detectors.
- Automation Mindset: Proven ability to script (Python, Go, PowerShell) and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.
- AI Forward: Interest in the intersection of AI and Security, specifically in securing AI workloads, leveraging AI capabilities to embed security throughout the SDLC, and using AI agents for defense.
Why this role?
Own Outcomes, Not Activity: Your success will be measured by real risk reduction. You will directly influence vulnerability backlog reduction, remediation velocity, and the overall security posture of the organization.
Operate at the Intersection of Engineering and Security: You will work side by side with engineering teams to shape how software is built, secured, and deployed. This role gives you the platform to influence architecture, development practices, and platform level controls.
Lead the Next Evolution of AppSec: You will help define how modern security teams leverage automation and intelligent systems to scale. From secure by design patterns to autonomous testing and remediation, you will be pushing the boundaries of how security is done.
High Ownership, High Leverage: You will have the autonomy to identify problems, design solutions, and implement them end to end. The work you do will scale across teams and services, amplifying your impact well beyond a single application or domain.
Be Human With Us:
Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.
Use of AI Technology:
We use technology, including automated and AI-assisted tools, to support certain aspects of our recruitment process. These tools are designed to improve efficiency and enhance the candidate experience. AI tools are not used to make hiring decisions; all hiring decisions are made by our hiring teams.
What We Offer: When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:
- Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
- Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
- Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.
At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
ServiceTitan is committed to fair and equitable compensation for all of our employees. We thoughtfully consider a wide range of factors when determining individual compensation.The expected salary range for this role for candidates residing in the United States is between $152,600 USD - $204,200 USD. Compensation for candidates residing outside the United States will vary by location and the specific salary range will be discussed during the hiring process. Actual compensation for an individual may vary depending on skills, performance over time, qualifications, experience, and location. In addition to the base salary, the total compensation package also includes an annual bonus, equity and a holistic suite of benefits.