Job Closed

This listing is no longer active.

Constructor Tech

Constructor is an all-in-one platform for education and research.

Application Security Engineer

Application Engineer | Full Time | Remote | Senior | Team 51-200 | Since 2019 | H1B No Sponsor

Location

Bulgaria

Posted

35 days ago

Salary

0

Seniority

Senior

Bachelor Degree | 3 yrs exp | English | JavaScript | Python | SDLC | Go

Job Description

  • Perform threat modeling, security architecture review, and design analysis for web applications and APIs.
  • Conduct manual and automated security testing during development and pre-release stages.
  • Design and implement security pipelines (including SAST and DAST) and integrate them into the SDLC process.
  • Implement and manage SBOM generation and consumption processes across the SDLC.
  • Collaborate with development teams to ensure timely remediation of identified vulnerabilities.
  • Maintain security guidance aligned with OWASP best practices and provide trainings for development teams.
  • Stay current with evolving application security threats, tools, and industry developments.

Job Requirements

  • 3–5 years of experience in application security, with a focus on web applications and API security.
  • Good knowledge of at least one scripting or programming language (e.g., Python, JavaScript, C#, or Go).
  • Experience with tools like OWASP ZAP, Burp Suite, Snyk, or similar.
  • Familiarity with secure coding, DevSecOps, and container security concepts.
  • Strong understanding of CVE, CVSS, and vulnerability disclosure workflows.
  • Excellent command of business English.

Preferred Qualifications

  • Knowledge of SBOM standards (CycloneDX, SPDX) and experience integrating SBOM tooling into CI/CD pipelines.
  • Knowledge of software composition analysis (SCA) tools.

Benefits

  • 💻 Choice of work equipment (e.g., laptop, monitor, etc.)
  • 🇬🇧 English classes (iTalki – $130 monthly)
  • ⏰ Flexible schedule (we usually work between 09:00/10:00 and 18:00/19:00 CET or EET)
  • 👶 Newborn bonus (€500 per child)
  • 🧠 Patent remuneration
  • 🌴 Paid leave
  • 🧑‍💻 Remote work in locations without our offices
  • Hybrid work in locations with offices (2 days in-office, 3 days remote)

More Application Engineer Jobs

Full Time | Remote | Team 1,001-5,000 | Since 2012 | H1B Sponsor

Senior Application Security Engineer, AI

Locations: US Remote
Time type: Full time
Job requisition id: JR114467

Ready to be a Titan?

At ServiceTitan, we are transforming product security into a core part of how engineering delivers software. We are looking for an AI-Focused Senior Application Security Engineer to help define and deliver a secure paved road, creating automated, developer friendly security patterns that enable our 80 plus R&D teams to build securely by default without slowing down innovation. In this role, you will partner closely with engineering to embed practical guardrails, manage emerging risks like non-human identities and data exposure, and enable teams to move quickly without compromising trust. This is an opportunity to shape the future of application security in an AI first environment, turning security into a core enabler of innovation rather than a constraint.

What you’ll do:

Secure-by-Design Engineering

  • Pipeline Automation: Embed security directly into the development pipeline through intelligent prompting and AI driven agents.
  • Secure-by-Default Code: Collaborate with Engineering to develop and maintain secure microservice templates and libraries that have security controls built in from the start.
  • Supply Chain Protections: Implement controls to secure dependencies, build artifacts, and third party integrations. Partner with engineering to enforce integrity, provenance, and policy checks within build and release workflows.

AI-Driven Security Testing & Validation

  • Automated Scanning: Evaluate, configure, and implement AI agentic tooling to autonomously test our web applications for vulnerabilities.
  • Simulation & Validation: Use agentic tooling to run proactive simulations based on emerging threats to validate our defenses in real time.
  • Outcome Accountability: Drive adherence to vulnerability remediation SLAs by partnering with engineering teams to track, prioritize, and resolve security issues. Ensure clear ownership, measurable progress, and consistent follow through to reduce risk and maintain accountability.

AI & Identity Security

  • AI Guardrails: Design and implement technical guardrails for AI Coding Agents and Model Context Protocols (MCP) to ensure safe adoption of AI in the development lifecycle.
  • AI-Driven Tooling: Help operationalize AI based tooling to act as a "GPS" for developers, tuning the system to provide accurate, on demand threat modeling, design, and development advice.
  • Non-Human Identity Management: Partner with engineering to define and implement strategies for managing machine identities across AI systems, including service accounts, API keys, and agent authentication. Enforce least privilege access, credential lifecycle management, and integration with secrets management and CI CD pipelines to reduce risk and prevent misuse.

Developer Enablement & Security Operations

  • Technical "Pit Crew": Act as the AppSec technical expert for the Security Champions Program. While leadership manages the program logistics, you will be the expert answering complex coding questions and guiding Champions on how to fix vulnerabilities.
  • Contextual Training: Assist in setting up "Just in Time" training campaigns that trigger micro-trainings when engineers introduce vulnerabilities, allowing them to fix their own code.
  • Triage to Automate: Own the initial triage of incoming vulnerability tickets (SAST/SCA). You will use this hands on work to identify the "noise" and pattern match recurring issues, directly informing which guardrails you build next.

What you’ll bring:

  • Experience: 5+ years of experience in Product/Application Security, with a strong background in software engineering.
  • Demonstrated AI Expertise: Proven experience at the intersection of AI and security, including securing AI workloads and leveraging AI agents to enhance defensive capabilities.
  • Modern AppSec: Experience implementing tools and driving for secure outcomes throughout the Secure Software Development Lifecycle including Threat Modeling, Code Scanning, and Penetration testing.
  • Automation Mindset: Proven ability to prompt, script, and automate security tasks. You prefer building a tool to solve a problem over fixing it manually.

Why this role?

  • Own Outcomes, Not Activity: Your success will be measured by real risk reduction. You will directly influence vulnerability backlog reduction, remediation velocity, and the overall security posture of the organization.
  • Operate at the Intersection of Engineering and Security: You will work side by side with engineering teams to shape how software is built, secured, and deployed. This role gives you the platform to influence architecture, development practices, and platform level controls.
  • Lead the Next Evolution of AppSec: You will help define how modern security teams leverage automation and intelligent systems to scale. From secure by design patterns to autonomous testing and remediation, you will be pushing the boundaries of how security is done.
  • High Ownership, High Leverage: You will have the autonomy to identify problems, design solutions, and implement them end to end. The work you do will scale across teams and services, amplifying your impact well beyond a single application or domain.

Be Human With Us: Being human isn’t about checking every box on a list. It’s about the experiences we have, people we meet, and the perspectives we share. So, if you have the skills but are hesitant to apply because of your background, apply anyway. We need amazing people like you to help us challenge the conventional and think differently about the problems that we’re solving. We’re in this together. Come be human, with us.

Use of AI Technology: We use technology, including automated and AI-assisted tools, to support certain aspects of our recruitment process. These tools are designed to improve efficiency and enhance the candidate experience. AI tools are not used to make hiring decisions; all hiring decisions are made by our hiring teams.

What We Offer: When you join our team, you’re not just accepting a job. You’re making a career move. Here’s how we’ll support you in doing some of the most impactful work of your career:

  • Flextime, recognition, and support for autonomous work: Flexible time off with ample learning and development opportunities to continue growing your career. We offer a comprehensive onboarding program, leadership training for Titans at all levels, and other programs and events. Great work is rewarded through Bonusly, peer-nominated awards, and more.
  • Holistic health and wellness benefits: Company-paid medical, dental, and vision (with 100% employer paid options and 90% coverage for dependents), FSA and HSA, 401k match, and telehealth options including memberships to One Medical.
  • Support for Titans at all stages of life: Parental leave and support, up to $20k in fertility services (i.e. IUI and IVF), surrogacy, and adoption reimbursement, on demand maternity support through Maven Maternity, free breast milk shipping through Maven Milk, pet insurance, legal advisory services, financial planning tools, and more.

At ServiceTitan, we celebrate individuality and uniqueness. We believe that the convergence of fresh perspectives and experiences from all walks of life is what makes our product and culture so great. We strongly encourage people from underrepresented groups to apply. We do not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.

ServiceTitan is committed to fair and equitable compensation for all of our employees. We thoughtfully consider a wide range of factors when determining individual compensation. The expected salary range for this role for candidates residing in the United States is between $125,700 USD - $168,100 USD. Compensation for candidates residing outside the United States will vary by location and the specific salary range will be discussed during the hiring process. Actual compensation for an individual may vary depending on skills, performance over time, qualifications, experience, and location. In addition to the base salary, the total compensation package also includes an annual bonus, equity and a holistic suite of benefits.

Worldwide
$125.7K - $168.1K / year
Full Time | Remote | Team 5,001-10,000 | H1B No Sponsor

  • Align customer design requirements with our technology and assist with proposal development
  • Identify design opportunities
  • Guide customers through their design process
  • Provide SI/PI reviews (topology/vias/return paths, decap strategy, S-params) and recommend design fixes; coordinate simulations and correlate lab vs. model
  • Provide onsite support and solve real-time problems, including software tool issues, HW and SW debugging, and system bring-up issues
  • Train customers and distributor’s FAEs

China

Senior Application Security Engineer

Fabric

The national pay range for this role is $165,000.00 - $210,000.00 per year. Actual compensation will be determined by factors such as the candidate's geographic market, experience, skills, and qualifications. Certain roles may also be eligible for additional compensation. If your compensation requirement is greater than our posted range, please still consider applying; a determination can be made based on unique qualifications. Expected compensation ranges for this role may change over time.

Full Time | Remote | Team 11-50

About the Role

Fabric handles protected health information at scale across 75+ health systems and millions of patient encounters. Security is not a layer we add at the end. It is built into how we work. As a Senior Application Security Engineer, you will own the application security practice at Fabric, partnering directly with engineering to embed security throughout the development lifecycle, build the tooling and automation that keeps our platform secure, and ensure our applications meet the compliance standards our health system customers require. This is a new headcount reporting to the VP of Infrastructure.

What You'll Do

As a Senior Application Security Engineer, you will be the driving force behind application security at Fabric, operating as a partner to engineering rather than a gatekeeper. Your primary responsibilities will include:

  • Secure Development & Code Review: Partner with engineering teams to embed security throughout the SDLC across Fabric's Ruby on Rails, Python, React, and Node.js applications. Conduct security-focused code reviews and provide actionable guidance on secure coding practices.
  • Threat Modeling & Assessment: Lead threat modeling exercises for new features and architectural changes. Conduct application penetration testing and vulnerability assessments across the platform, prioritizing findings and working directly with engineering to drive remediation.
  • DevSecOps & Tooling: Implement and manage SAST and DAST tooling integrated into CI/CD pipelines. Build security guardrails and automated checks that allow engineering to move fast without introducing risk to the platform or patient data.
  • Compliance & Risk: Ensure application security practices meet HIPAA, SOC 2, and HITRUST requirements. Assess third-party integrations and APIs for security risk, including EHR integrations with Epic and Cerner.
  • Security Education & Culture: Run secure coding training and awareness programs for engineering teams. Serve as the internal subject matter expert on application security and lead response to application-layer security incidents.

Why You Might Be a Good Fit

  • You think like an attacker and build like an engineer. You are as comfortable in a codebase as you are writing a threat model.
  • You understand that in healthcare, a vulnerability is not just a technical problem. It is a patient safety and compliance problem.
  • You prefer building guardrails and education programs over reactive patching.
  • You can communicate security risk to engineering teams in a way that drives action, not defensiveness.
  • You are energized by building a security practice and shaping how a fast-growing company approaches application security.

This Might Not Be The Right Fit If...

  • You are primarily a compliance or GRC-focused security professional and are not comfortable getting into the code.
  • You prefer working in a mature, established security program over building and defining one.
  • You are not comfortable working closely with engineering as a partner rather than an oversight function.
  • You do not have experience in a regulated environment where security decisions carry direct compliance implications.

Your Qualifications

  • 5+ years of experience in application security with hands-on experience in security assessments, penetration testing, and secure code review.
  • Proficiency in at least one language in Fabric's stack: Ruby, Python, JavaScript/TypeScript, or similar.
  • Experience integrating SAST and DAST tooling into CI/CD pipelines.
  • Deep understanding of the OWASP Top 10 and common application vulnerabilities.
  • Experience with threat modeling methodologies.
  • Familiarity with cloud security in AWS environments.
  • Understanding of HIPAA or other regulated industry security requirements.

Bonus Points

  • Experience securing healthcare applications or working with PHI.
  • Familiarity with EHR integration security including FHIR, HL7, Epic, or Cerner APIs.
  • Security certifications such as OSCP, GWEB, or BSCP.
  • Experience with bug bounty program management.
  • SOC 2 or HITRUST audit support experience.

The national pay range for this role is $130,000.00 – $160,000.00 per year. Actual compensation will be determined by factors such as the candidate's geographic market, experience, skills, and qualifications. Certain roles may also be eligible for additional compensation, including a comprehensive benefits package such as medical, dental, vision, unlimited PTO, and a 401(k) plan, stock options and bonuses. If your compensation requirement is greater than our posted range, please still consider applying; a determination can be made based on unique qualifications. Expected compensation ranges for this role may change over time.

United States
$130K - $160K / year
Full Time | Remote | Team 51-200 | Since 2015 | H1B No Sponsor

  • You design innovative solutions together with our customers by translating complex requirements across IT infrastructure, shop floor, and end-user applications with clarity and pragmatism.
  • You take responsibility for technical onboarding of customers and partners.
  • You advise on IIoT architectures, IT security, Connectware integration, and relevant use cases.
  • You implement industrial data infrastructures using Cybus Connectware.
  • You implement scalable Infrastructure-as-Code deployments.
  • You support our customers with technical product support, including participation in a team-rotating on-call duty.

Germany