Application Security Engineer

Job Requisition ID # 26WD95371

Position Overview Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We are embedding security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer’s data and their investment in our products by strengthening our applications, underlying services and network.

As part of this team, you will help strengthen Autodesk’s products by embedding security directly into the software development lifecycle. You will partner with product and engineering teams to perform secure code reviews, integrate and optimize SAST tooling, and enable developers to identify and remediate vulnerabilities early within their development environments. You will help standardize secure coding practices, drive consistent application security controls across the development process, and ensure solutions align with Autodesk’s security and regulatory requirements. Come grow your application security expertise at scale while empowering teams to build secure software and stay ahead of emerging threats!

Responsibilities

• Perform in-depth secure code reviews across multiple languages and frameworks, identifying vulnerabilities and providing actionable remediation guidance to engineering teams
• Analyse and triage results from Static Application Security Testing (SAST) tools, tuning rules and reducing false positives to improve signal quality
• Partner with development teams to integrate security into the Software Development Lifecycle (SDLC), embedding secure coding practices from design through deployment
• Provide hands-on guidance to engineers within their development environments (IDEs), helping them remediate findings and adopt secure coding practices early in the development process
• Collaborate with product and platform teams to integrate SAST and secure coding checks into CI/CD pipelines and developer workflows
• Develop and maintain secure coding standards, guidelines, and best practices aligned with industry frameworks (e.g., OWASP Top 10)
• Support threat modeling and design reviews by identifying security risks in application architecture and code-level implementations
• Drive “shift-left” security initiatives by enabling developers with tooling, automation, and training to identify and fix vulnerabilities early
• Contribute to developer education through training sessions, documentation, and hands-on workshops focused on secure coding and vulnerability remediation
• Track and report on security findings, trends, and remediation progress to improve overall application security posture

Minimum Qualifications

• Hands-on experience performing secure code reviews and identifying common application vulnerabilities (e.g., OWASP Top 10)
• Practical experience with Static Application Security Testing (SAST) tools (e.g., Checkmarx, Fortify, CodeQL, Semgrep, etc.), including triage and tuning
• Strong understanding of secure coding principles and how vulnerabilities manifest in real-world codebases
• Experience working within modern development environments and IDEs (e.g., VS Code, IntelliJ, Eclipse) and integrating security into developer workflows
• Familiarity with the Software Development Lifecycle (SDLC) and experience embedding security controls into CI/CD pipelines
• Ability to read and understand code in one or more common programming languages (e.g., Java, Python, JavaScript, C/C++, Go)
• Experience collaborating directly with developers to remediate vulnerabilities and improve code quality
• Strong analytical and problem-solving skills with the ability to prioritize and manage multiple findings
• Excellent communication skills, with the ability to explain security issues and remediation steps clearly to engineering teams
• Demonstrated ownership, curiosity, and ability to work cross-functionally with engineering, product, and security stakeholders

Preferred Qualifications

• Bachelor’s in computer science, Information Security, or equivalent professional experience
• Experience with multiple SAST tools and ecosystems, including customization of rules, policy tuning, and integration into developer workflows
• Experience building or scaling “shift-left” security programs, including developer enablement and self-service security tooling
• Experience developing secure coding guidelines, playbooks, and training materials for engineering teams
• Strong communication skills and the ability to explain security concepts to non-security audiences

Learn More About Autodesk Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – it’s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Salary transparency Salary is one part of Autodesk’s competitive compensation package. Offers are based on the candidate’s experience and geographic location. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Diversity & Belonging We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity\-and\-belonging

Are you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site).