Senior Application Security Developer
About this role
Job Requisition ID #
The French job posting follows
26WD97513, Senior Application Security Developer
Position Overview
Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We are embedding security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer's data and their investment in our products by strengthening our applications, underlying services and network.
As part of this team, you will help strengthen Autodesk's products by partnering with product and engineering teams to design, build, deploy, and operate secure applications and services. This role focuses on application security across the software development lifecycle, including secure design, threat modeling, code review, vulnerability assessment, secure coding guidance, and security testing in CI/CD pipelines.
You will work across modern cloud-native applications, APIs, services, and developer platforms to identify and mitigate risks such as injection, broken access control, and supply chain weaknesses. As Autodesk continues to adopt AI-enabled features and AI-assisted development workflows, you will also help teams understand and address emerging AI-related risks, including prompt injection, unsafe tool invocation, data exposure, and insecure use of LLM-enabled systems.
Responsibilities
Partner with engineering teams to embed security throughout the software development lifecycle, including design reviews, threat modeling, implementation guidance, code review, and release readiness
Identify, validate, and help remediate common application security vulnerabilities, including injection, broken access control, authentication and authorization flaws, data leakage, insecure deserialization, and server-side request forgery
Support security reviews of AI-enabled applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe model or tool interactions
Develop and maintain secure coding guidance, reusable security patterns, and engineering enablement materials for application, API, cloud, and data protection risks
Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and other automated controls
Provide developer education on secure coding, threat modeling, vulnerability remediation, secure use of third-party components, and safe adoption of emerging technologies
Track, prioritize, and report application security risks and trends to continuously improve Autodesk's product security posture
Minimum Qualifications
Strong understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability classes, and practical mitigation techniques
Hands-on experience securing modern web applications, APIs, microservices, and cloud-native systems
Experience performing secure design reviews, threat modeling, code reviews, vulnerability assessments, or penetration testing
Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design
Experience identifying and mitigating vulnerabilities such as injection, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage, and insecure configuration
Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows
Familiarity with common application security tooling, such as SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools
Proficiency in scripting or programming, such as Python, JavaScript, Go, Java, or similar languages, for automation, testing, or prototyping
Ability to communicate complex security risks clearly and translate them into practical, actionable guidance for engineering teams
Familiarity with emerging AI/LLM security risks, such as prompt injection, data exposure, unsafe tool invocation, and secure use of AI coding assistants
Preferred Qualifications
Background in application security, product security, or security engineering for large-scale software products or cloud services
Experience building or improving secure development lifecycle programs, including developer enablement, security standards, secure design patterns, and automated security controls
Familiarity with cloud security concepts across AWS, Azure, or GCP.
Experience working with engineering teams to prioritize security findings based on exploitability, business impact, and customer risk
Knowledge of software supply chain security, including dependency management, SBOMs, package integrity, build pipeline security, and third-party component risk
Experience securing APIs, distributed systems, SaaS platforms, or multi-tenant cloud environments
Familiarity with AI-enabled applications, LLM-integrated systems, AI coding assistants, or security testing approaches for AI-assisted development workflows
Experience contributing to internal security standards, playbooks, secure coding guidance, or developer training programs
______________________________________________________________________________________________________________
26WD97513, Senior Application Security Developer
Position Overview
Our team of security experts helps Autodesk design, develop, deploy and maintain secure products. We integrate security into every stage of our products' life cycle, from initial design through development and testing to their operation in the cloud, as well as into our ability to respond to any existing or emerging threat to our products or to the fundamental components of our products and services. Our mission is to stay one step ahead of malicious actors and to use our expertise, technology and other resources to thwart their attempts to compromise our products and the environment in which they operate. Our team is dedicated exclusively to protecting our customers' data and their investment in our products by strengthening our applications, underlying services and network.
As part of this team, you will help strengthen Autodesk's products by collaborating with product and engineering teams to design, develop, deploy and operate secure applications and services. This role focuses on application security throughout the software development life cycle, including secure design, threat modeling, code review, vulnerability assessment, secure coding guidance and security testing in CI/CD pipelines.
You will work on modern cloud-native applications, APIs, services and developer platforms to identify and mitigate risks such as injection, broken access control and supply chain vulnerabilities. As Autodesk continues to adopt AI-based features and AI-assisted development workflows, you will also help teams understand and manage emerging AI-related risks, including prompt injection, unsafe tool invocation, data exposure and insecure use of systems based on large language models (LLMs).
Responsibilities
Collaborate with engineering teams to integrate security throughout the software development life cycle, including design reviews, threat modeling, implementation guidance, code review and release readiness
Identify, validate and help remediate common application security vulnerabilities, including injection, broken access control, authentication and authorization flaws, data leakage, insecure deserialization and server-side request forgery
Support security reviews of AI-based applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure and unsafe interactions between models or tools
Develop and maintain secure coding guidance, reusable security patterns and technical enablement resources for risks related to applications, APIs, the cloud and data protection
Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning and other automated controls
Provide developers with training on secure coding, threat modeling, vulnerability remediation, secure use of third-party components and safe adoption of emerging technologies
Track, prioritize and report application security risks and trends to continuously improve the security posture of Autodesk's products
Minimum Qualifications
Strong understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability classes and practical mitigation techniques
Hands-on experience securing modern web applications, APIs, microservices and cloud-native systems
Experience performing secure design reviews, threat modeling, code reviews, vulnerability assessments or penetration testing
Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding and secure API design
Experience identifying and mitigating vulnerabilities such as injection, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage and insecure configuration
Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows
Familiarity with common application security tools, such as SAST, DAST, SCA, secrets scanning, container scanning or API security testing tools
Proficiency in scripting or programming languages, such as Python, JavaScript, Go, Java or similar languages, for automation, testing or prototyping
Ability to communicate complex security risks clearly and translate them into practical, actionable guidance for engineering teams
Familiarity with emerging security risks related to AI and large language models (LLMs), such as prompt injection, data exposure, unsafe tool invocation and secure use of AI-based coding assistants
Preferred Qualifications
Experience in application security, product security or security engineering for large-scale software products or cloud services
Experience establishing or improving secure development life cycle programs, including developer enablement, security standards, secure design patterns and automated security controls
Familiarity with cloud security concepts on AWS, Azure or GCP.
Experience working with engineering teams to prioritize security findings based on exploitability, business impact and customer risk
Knowledge of software supply chain security, including dependency management, SBOMs, package integrity, build pipeline security and third-party component risk
Experience securing APIs, distributed systems, SaaS platforms or multi-tenant cloud environments
Familiarity with AI-based applications, systems integrating large language models (LLMs), AI-based coding assistants or security testing approaches for AI-assisted development workflows
Experience developing internal security standards, playbooks, secure coding guidance or developer training programs
Learn More
About Autodesk
Welcome to Autodesk! Amazing things are created every day with our software, from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.
We take great pride in our culture here at Autodesk; it's at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.
When you're an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!
Salary transparency
Salary is one part of Autodesk's competitive compensation package. For Canada based roles, we expect a starting base salary between $101,000 and $148,500. Offers are based on the candidate's experience and geographic location, and may exceed this range. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.
Belonging
We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/global-belonging
Are you an existing contractor or consultant with Autodesk?
Please search for open jobs and apply internally (not on this external site).