Senior Application Security Developer

Autodesk · Autodesk Canada Co.
Full time

About this role

Job Requisition ID #

26WD97513

The French job posting follows
 

26WD97513, Senior Application Security Developer

Position Overview

Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We embed security across the full spectrum of how we build our products, from inception, design, development and testing to how we run them in the cloud and how we respond to existing or emerging threats to our products or to the building blocks of our products and services. Our job is to stay one step ahead of the bad guys and to use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customers' data and their investment in our products by strengthening our applications, underlying services and network.

As part of this team, you will help strengthen Autodesk's products by partnering with product and engineering teams to design, build, deploy, and operate secure applications and services. This role focuses on application security across the software development lifecycle, including secure design, threat modeling, code review, vulnerability assessment, secure coding guidance, and security testing in CI/CD pipelines.

You will work across modern cloud-native applications, APIs, services, and developer platforms to identify and mitigate risks such as injection, broken access control, and supply chain weaknesses. As Autodesk continues to adopt AI-enabled features and AI-assisted development workflows, you will also help teams understand and address emerging AI-related risks, including prompt injection, unsafe tool invocation, data exposure, and insecure use of LLM-enabled systems.

Responsibilities

  • Partner with engineering teams to embed security throughout the software development lifecycle, including design reviews, threat modeling, implementation guidance, code review, and release readiness

  • Identify, validate, and help remediate common application security vulnerabilities, including injection, broken access control, authentication and authorization flaws, data leakage, insecure deserialization, and server-side request forgery

  • Support security reviews of AI-enabled applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe model or tool interactions

  • Develop and maintain secure coding guidance, reusable security patterns, and engineering enablement materials for application, API, cloud, and data protection risks

  • Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and other automated controls

  • Provide developer education on secure coding, threat modeling, vulnerability remediation, secure use of third-party components, and safe adoption of emerging technologies

  • Track, prioritize, and report application security risks and trends to continuously improve Autodesk's product security posture

Minimum Qualifications

  • Strong understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability classes, and practical mitigation techniques

  • Hands-on experience securing modern web applications, APIs, microservices, and cloud-native systems

  • Experience performing secure design reviews, threat modeling, code reviews, vulnerability assessments, or penetration testing

  • Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design

  • Experience identifying and mitigating vulnerabilities such as injection, broken access control, insecure deserialization, server-side request forgery, cross-site scripting, data leakage, and insecure configuration

  • Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows

  • Familiarity with common application security tooling, such as SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools

  • Proficiency in scripting or programming, such as Python, JavaScript, Go, Java, or similar languages, for automation, testing, or prototyping

  • Ability to communicate complex security risks clearly and translate them into practical, actionable guidance for engineering teams

  • Familiarity with emerging AI/LLM security risks, such as prompt injection, data exposure, unsafe tool invocation, and secure use of AI coding assistants

Preferred Qualifications

  • Background in application security, product security, or security engineering for large-scale software products or cloud services

  • Experience building or improving secure development lifecycle programs, including developer enablement, security standards, secure design patterns, and automated security controls

  • Familiarity with cloud security concepts across AWS, Azure, or GCP

  • Experience working with engineering teams to prioritize security findings based on exploitability, business impact, and customer risk

  • Knowledge of software supply chain security, including dependency management, SBOMs, package integrity, build pipeline security, and third-party component risk

  • Experience securing APIs, distributed systems, SaaS platforms, or multi-tenant cloud environments

  • Familiarity with AI-enabled applications, LLM-integrated systems, AI coding assistants, or security testing approaches for AI-assisted development workflows

  • Experience contributing to internal security standards, playbooks, secure coding guidance, or developer training programs

______________________________________________________________________________________________________________

26WD97513, Senior Application Security Developer

Position Overview

Our team of security experts helps Autodesk design, develop, deploy and maintain secure products. We integrate security into every stage of our products' life cycle, from initial design through development and testing to their operation in the cloud, as well as into our ability to respond to any existing or emerging threat to our products or to the fundamental components of our products and services. Our mission is to stay one step ahead of bad actors and to use our expertise, technology and other resources to thwart their attempts to compromise our products and the environment in which they operate. Our team is devoted exclusively to protecting our customers' data and their investment in our products by strengthening our applications, our underlying services and our network.

As part of this team, you will help strengthen Autodesk's products by working with product and engineering teams to design, develop, deploy and operate secure applications and services. This role focuses on application security throughout the software development lifecycle, including secure design, threat modeling, code review, vulnerability assessment, secure coding guidance, and security testing in CI/CD pipelines.

You will work on modern cloud-native applications, APIs, services and development platforms to identify and mitigate risks such as injection, access control flaws and supply chain vulnerabilities. As Autodesk continues to adopt AI-based features and AI-assisted development workflows, you will also help teams understand and manage emerging AI-related risks, including prompt injection, unsafe tool invocation, data exposure and insecure use of systems based on large language models (LLMs).

Responsibilities

  • Collaborate with engineering teams to integrate security throughout the software development lifecycle, including design reviews, threat modeling, implementation guidance, code review, and production release readiness

  • Identify, validate and help fix common application security vulnerabilities, including injection, access control failures, authentication and authorization flaws, data leaks, insecure deserialization, and server-side request forgery

  • Support security reviews of AI-based applications and AI-assisted development workflows, including risks related to LLM-integrated systems, coding assistants, prompt injection, sensitive data exposure, and unsafe interactions between models or tools

  • Develop and maintain secure coding guidance, reusable security patterns, and technical support resources for risks related to applications, APIs, the cloud and data protection

  • Integrate and improve application security testing in CI/CD pipelines, including SAST, DAST, SCA, secrets detection, infrastructure-as-code scanning, and other automated controls

  • Provide developers with training on secure coding, threat modeling, vulnerability remediation, secure use of third-party components, and secure adoption of emerging technologies

  • Track, prioritize and report application security risks and trends to continuously improve the security posture of Autodesk's products

Minimum Qualifications

  • Solid understanding of application security fundamentals, including the OWASP Top 10, secure software design, common vulnerability categories, and practical mitigation techniques

  • Hands-on experience securing modern web applications, APIs, microservices, and cloud-native systems

  • Experience performing secure design reviews, threat modeling, code reviews, vulnerability assessments, or penetration testing

  • Practical knowledge of authentication, authorization, session management, data protection, input validation, output encoding, and secure API design

  • Experience identifying and mitigating vulnerabilities such as injection, access control flaws, insecure deserialization, server-side request forgery, cross-site scripting, data leaks, and insecure configurations

  • Experience integrating security testing and controls into CI/CD pipelines and DevSecOps workflows

  • Knowledge of common application security tools, such as SAST, DAST, SCA, secrets scanning, container scanning, or API security testing tools

  • Proficiency in scripting or programming languages, such as Python, JavaScript, Go, Java, or similar languages, for automation, testing, or prototyping

  • Ability to communicate complex security risks clearly and translate them into practical, actionable advice for engineering teams

  • Knowledge of emerging security risks related to AI and large language models (LLMs), such as prompt injection, data exposure, unsafe tool invocation, and secure use of AI-based coding assistants

Preferred Qualifications

  • Experience in application security, product security, or security engineering for large-scale software products or cloud services

  • Experience establishing or improving secure development lifecycle programs, including developer enablement, security standards, secure design patterns, and automated security controls

  • Knowledge of cloud security concepts on AWS, Azure, or GCP

  • Experience collaborating with engineering teams to prioritize security findings based on exploitability, business impact, and customer risk

  • Knowledge of software supply chain security, including dependency management, SBOMs, package integrity, build pipeline security, and third-party component risk

  • Experience securing APIs, distributed systems, SaaS platforms, or multi-tenant cloud environments

  • Knowledge of AI-based applications, systems integrating large language models (LLMs), AI-based coding assistants, or security testing approaches for AI-assisted development workflows

  • Experience developing internal security standards, playbooks, secure coding guidance, or developer training programs

Learn More

About Autodesk

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – it’s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. For Canada based roles, we expect a starting base salary between $101,000 and $148,500. Offers are based on the candidate’s experience and geographic location, and may exceed this range. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Belonging
We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/global-belonging

Are you an existing contractor or consultant with Autodesk?

Please search for open jobs and apply internally (not on this external site).

Frequently Asked Questions

What is the salary for the Senior Application Security Developer role at Autodesk?
The listed salary for this Senior Application Security Developer position at Autodesk is USD 101K+. This is a full-time role.

Where is the Senior Application Security Developer position at Autodesk located?
This Senior Application Security Developer role at Autodesk is based in 2 locations: AMER - Canada - Ontario - Offsite/Home and AMER - Canada - Quebec - Offsite/Home. The position is listed as on-site or hybrid. Check the full job description or apply directly to confirm the work arrangement.

Is the Senior Application Security Developer role at Autodesk full-time or part-time?
This is listed as a full-time position. It is posted as a Senior Application Security Developer role in the Autodesk Canada Co. department at Autodesk.

Which team or department does the Senior Application Security Developer at Autodesk belong to?
This Senior Application Security Developer position is part of the Autodesk Canada Co. department at Autodesk. See the full job description for more information about the team structure and responsibilities.

How do I apply for the Senior Application Security Developer position at Autodesk?
Click the "Apply Now" button on this page. You will be redirected to Autodesk's official application portal, hosted on Workday, where you can submit your application directly.