Staff Application Security Engineer

Staff Application Security Engineer – Ivanti Are you an experienced Staff Security Engineer driven to deliver cutting‑edge security solutions and champion technical excellence? At Ivanti, you will play a pivotal role in shaping the future of secure digital work by designing and enhancing world‑class products used across the globe. Join our dynamic, collaborative team and make a meaningful difference—helping organizations thrive securely in a fast‑paced, ever‑evolving digital landscape. Your expertise will help safeguard countless users, while empowering innovation at every level. As a Staff Security Engineer at Ivanti, you play a crucial role in safeguarding our products and users against evolving threats. Manage the integration of security best practices throughout all phases of the software development lifecycle, ensuring robust protection of Ivanti’s products, services, and IT assets. Build innovative and scalable security tools, processes, and solutions to proactively detect, remediate, and mitigate vulnerabilities across large and complex codebases. Design secure architectures, perform comprehensive threat modeling, and lead penetration testing and code reviews on both web and mobile applications to maintain the highest levels of security. Partner with development, operations, and architecture teams to deeply embed security into DevOps practices and foster a culture of continuous security awareness throughout the organization. Lead security education initiatives by delivering clear, actionable training and documentation to cross‑functional teams, and by driving vulnerability remediation efforts with stakeholders of varying technical backgrounds. Collaborate with global product and engineering teams, business leaders, and third‑party security vendors to interpret vulnerability reports and coordinate effective security solutions and disclosure programs. Advise stakeholders on prioritizing vulnerabilities, implementing secure coding standards, applying cryptographic techniques, and adopting industry‑leading security protocols and compliance practices. Over 5 years of experience in web application security, with deep technical knowledge of both common and advanced security vulnerabilities, exploitation techniques, and practical remediation strategies. Proven expertise in applied cryptography, threat modeling, vulnerability assessment (including CVSS scoring and penetration testing), as well as secure software development practices across SSDLC and CI/CD pipelines. Experience implementing and maintaining security tools and processes for large‑scale codebases (such as SAST, SCA, DAST, container scanning), and providing secure coding education to developers. Strong programming skills (preferably in Python), with the ability to explain complex security topics clearly to diverse technical and non‑technical stakeholders. Demonstrated ability to work cross‑functionally in collaborative environments, contributing to responsible disclosure, bug bounty, and vulnerability management programs, as well as securing cloud and SaaS environments at scale. Remote‑friendly, flexible schedules: Including health, wellness, and financial plans tailored for you and your family. Global, diverse teams: It is through diverse and inclusive hiring, decision‑making, and commitment to our employees and partners that we will continue to build and deliver world‑class solutions for our customers. Mid‑Senior level Full‑time Research and Engineering Industries: Computer and Network Security, Engineering Services, and Software Development