Staff Engineer Application Security

About Appen
Appen is a leader in AI enablement for critical tasks such as model improvement, supervision, and evaluation. To do this we leverage our global crowd of over one million skilled contractors, speaking over 180 languages and dialects, representing 130 countries. In addition, we utilize the industry's most advanced AI-assisted data annotation platform to collect and label various types of data like images, text, speech, audio, and video.

Our data is crucial for building and continuously improving the world's most innovative artificial intelligence systems and Appen is already trusted by the world's largest technology companies. Now with the explosion of interest in generative AI, Appen is helping leaders in automotive, financial services, retail, healthcare, and governments the confidence to deploy world-class AI products.

At Appen, we are purpose driven. Our fundamental role in AI is to ensure all models are helpful, honest, and harmless, so we firmly believe in unlocking the power of AI to build a better world. We have a learn-it-all culture that values perspective, growth, and innovation. We are customer-obsessed, action-oriented, and celebrate winning together.

At Appen, we are committed to creating an inclusive and diverse workplace. We are an equal opportunity employer that does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

At Appen, we are at the forefront of data annotation and AI innovation, powering the world's most advanced machine learning models. As we continue to grow, we are committed to maintaining the highest standards of security and data integrity. We are looking for a passionate and experienced Staff Engineer specializing in Application Security to join our team and help us secure our products and platforms.

Key Responsibilities

• As a Staff Engineer - Application Security, you will play a pivotal role in safeguarding our applications, ensuring they are secure by design. You will collaborate with cross-functional teams, including Engineering, DevOps, and Product, to identify potential vulnerabilities, define security best practices, and implement robust security measures.
• Lead the design and implementation of application security architecture across our SaaS platforms.
• Conduct security assessments, threat modelling, and code reviews to identify and mitigate vulnerabilities.
• Perform technical security assessments and reviews, research, uncover, and reproduce vulnerabilities, design secure protocols and systems, and write tests and fuzzers to drive architecture changes
• Collaborate with Engineering and Platform teams to integrate security best practices into the CI/CD pipeline.
• Perform penetration testing, security audits, and vulnerability assessments.
• Develop and maintain secure coding standards, guidelines, and training programs for engineering teams.
• Implement and manage security tools such as SAST, DAST, and other security automation solutions.
• Stay up to date with emerging security threats, technologies, and industry best practices.
• Respond to security incidents and work with incident response teams to investigate and remediate issues.
• Mentor and guide junior security engineers, fostering a culture of security awareness and continuous improvement.
• Review, develop and document secure operational best practices, and provide security guidance for engineers and various internal and external partners
• Develop and manage a secure software development lifecycle
• Research, recommend, and develop security tools and technologies to strengthen defenses against emerging threats and vulnerabilities

Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
• 10+ years of experience in Application Security, including secure software development and architecture.
• Strong knowledge of secure coding practices, OWASP Top 10, and common application vulnerabilities.
• Hands-on experience with security tools such as Snyk, SonarCloud, Burp Suite, Nessus, and others.
• Threat detection and incident response: familiar with security incidents, ability to develop proactive strategies to mitigate risks through close collaboration with teams.
• Familiarity with cloud security principles, preferably in AWS environments.
• Experience with CI/CD pipelines and integrating security into DevOps workflows (DevSecOps).
• Strong scripting and automation skills (e.g., Python, Bash, or similar).
• Excellent problem-solving skills and the ability to think like an attacker.
• Relevant certifications such as CISSP, OSCP, CEH, or similar are highly desirable.
• Relevant work experience in offensive security, penetration testing or red teaming

Preferred Experience

• Experience securing SaaS applications built with Java Spring and React.
• Familiarity with container security in Kubernetes (EKS) environments.
• Knowledge of compliance standards such as GDPR, SOC 2, or ISO 27001.
• Exposure to monitoring and alerting tools like New Relic, Datadog, or similar.

Appen is the global leader in data for the AI Lifecycle with more than 25 years' experience in data sourcing, annotation, and model evaluation. Through our expertise, platform, and global crowd, we enable organizations to launch the world's most innovative artificial intelligence products with speed and at scale. Appen maintains the industry's most advanced AI-assisted data annotation platform and boasts a global crowd of more than 1 million contributors worldwide, speaking more than 235 languages. Our products and services make Appen a trusted partner to leaders in technology, automotive, finance, retail, healthcare, and government. Appen has customers and offices globally.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.