Software Engineer, Application Security

Position Overview

Glean is seeking an experienced Application Security Engineer dedicated to ensuring that our technology stack remains secure and free of software vulnerabilities (CVEs). You will secure our base OS images, continuously scan and patch open-source software dependencies, and integrate state-of-the-art security tools into our CI/CD pipeline. In this role, you will lead the vulnerability management charter by identifying, evaluating, and implementing new security technologies and processes to proactively protect our infrastructure. This position is hybrid, working 3-4 days a week at one of our SF Bay Area offices.

Key Responsibilities

• Own and lead the vulnerability management lifecycle to ensure the tech stack is free of known CVEs.
• Implement and manage secure base OS images, hardening underlying systems against threats.
• Continuously scan, monitor, and patch OSS dependencies to mitigate supply chain risks.
• Research and evaluate trusted open-source security solutions such as Google's Assured Open Source Software and recommend their adoption.
• Collaborate with engineering teams to integrate SAST, DAST, and dependency scanning tools into the CI/CD pipeline.
• Define and maintain secure coding best practices for Glean engineers.
• Develop automated security validation tests to support vulnerability-free deployments.
• Lead the adoption and development of custom security solutions to manage risks at scale.
• Provide security guidance, training, and mentorship to foster a security-first culture.

Required Qualifications

• BA/BS in Computer Science, Cybersecurity, or a related field (or equivalent industry experience).
• 5+ years of experience in application security and vulnerability management.
• Deep understanding of software security vulnerabilities including CVEs, OWASP Top 10, and supply chain risks.
• Experience with SAST, DAST, dependency scanning, and vulnerability management tools (e.g., Snyk, GitHub Dependabot, Trivy, Clair, Burp Suite, OWASP ZAP).
• Familiarity with package managers (npm, pip, Maven, Go modules) and securing open-source dependencies.
• Coding experience in languages such as Go, Python, Java, or C++ to develop security test cases and tooling.
• Hands-on experience with cloud-native security best practices across AWS, GCP, or Azure.
• Knowledge of container security, Kubernetes security, and securing microservices architectures.
• A strong proactive approach to security with excellent problem-solving skills.
• Experience in fast-paced, cross-functional, collaborative environments.
• Passion for open-source security and staying updated with the latest industry trends.

Benefits & Perks

• Competitive compensation
• Medical, Vision, and Dental coverage
• Flexible work environment and time-off policy
• 401k plan
• Company events
• Home office improvement stipend upon joining
• Annual education stipend
• Wellness stipend
• Healthy lunches and dinners provided daily
• Compensation: For California-based applicants, the base salary range is $185,000 - $280,000 annually. Compensation is determined by location, experience, job-related knowledge, skills, and other factors, with some roles eligible for variable compensation, equity, and additional benefits.