Senior Application Security Engineer

Where we work

Udemy is a global company headquartered in San Francisco, with additional U.S. offices in Denver and Austin, and international hubs in Australia, India, Ireland, Mexico, and Türkiye. This is an in-office position, requiring three days a week in the office (Tuesday, Wednesday, Thursday) and flexibility on Mondays and Fridays.

About this role

• Security and trust are vital to the Udemy business model and integral to product development. 

• Partner with cross-functional Product Development and Engineering, Trust and Safety, and Data Science teams to help conceptualize and develop world-class solutions.

• Foster a community of security and privacy champions.

What you’ll be doing

• Responsible for operations and projects to promote secure coding, safeguard developers' applications, and enhance productivity.  

• Conduct security reviews to identify software application vulnerabilities, defects, and risks.

• Perform and manage code scans to assess the effectiveness of security controls, reduce potential weaknesses, and develop security tools to simplify processes. 

• Drive application security enhancements to improve the overall security posture on the platform.

What you’ll have

• 5+ years of professional experience in application security.

• 5+ years of experience writing and maintaining code in at least one programming language, such as Python, JavaScript, or Kotlin, and a desire to learn new languages and Django and Spring Boot technologies.

• Participate in 24x7 on-call rotation, secure code reviews, identity and access management, and software development.

• Experience with Secure Software Development Lifecycles and security by design principles. 

• Manage threat modeling and knowledge of product security and integrations.