How you can help make a better world of work

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal role in shaping and elevating our application security posture across our global SaaS platform. You’ll be the technical authority for application security, partnering closely with engineering, product, and security teams to embed security best practices throughout the software development lifecycle. Your work will directly protect the data and trust of millions of users, enabling Culture Amp to deliver innovative, secure, and reliable employee experience solutions at scale.

You will drive the strategy and execution of application security initiatives, lead complex security reviews and threat modeling, and scale security through automation and developer enablement. As a senior technical leader, you’ll mentor engineers, influence cross-functional teams, and champion a culture of security awareness and continuous improvement. Your expertise will help us stay ahead of emerging threats, meet compliance requirements, and ensure that security is a core part of our product DNA.

As part of this team of amazing humans, you will

• Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members.
• Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps).
• Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale.
• Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures.
• Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues.
• Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning.
• Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP).
• Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp.
• Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community.

You have

• Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments.
• Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2).
• Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS).
• Strong knowledge of security automation, CI/CD integration, and DevSecOps practices.
• Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity.
• Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments.
• Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences.
• Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement.
• Familiarity with security-related compliance requirements and standards relevant to SaaS businesses.

You are

• A technical leader and trusted advisor, able to set direction and inspire others to raise the bar on security.
• Proactive, curious, and passionate about solving complex security challenges at scale.
• Collaborative and inclusive, thriving in cross-functional teams and valuing diverse perspectives.
• Committed to continuous learning, staying ahead of emerging threats and technologies.
• Driven by Culture Amp’s mission to create a better world of work, and excited to amplify our impact through secure, innovative technology.