SentinelOne

Secure your enterprise with the autonomous cybersecurity platform. Endpoint. Cloud. Identity. XDR. Now.

Sr. Staff Back-End AppSec Engineer

DevOps Engineer | Full Time | Remote | Lead | Team 1,001-5,000 | Since 2013 | H1B Sponsor

Location

United States

Posted

13 days ago

Salary

$184K - $230K / year

Seniority

Lead

Job Description

Role Description

As a Sr. Staff Back-End AppSec Engineer, you will be tasked with becoming the trusted advisor customers turn to on Python and Node.js stacks when the stakes are highest. You'll work directly on top of the output of our agentic code scanning pipeline, validate findings with human judgment, deliver results to diverse technical and leadership audiences, and shape the methodology that scales the practice.

What Will You Do?

- Lead Wayfinder Frontier AI Services customer engagements end-to-end, scope the work, deliver the technical findings, and present results to executive and technical stakeholders.
- Review and triage findings from our agentic code scanning pipeline against customer Python and JS codebases. Validate true positives, eliminate noise, and ensure every finding that reaches the customer is a decision they can act on.
- Conduct deep code review across Python and Node.js code and common frameworks.
- Present findings to stakeholders, translate technical risk into business impact and map exposures into end-to-end exploitation chains.
- Author and maintain SAST rule packs that scale across the customer base, and partner with our AI/ML engineers to improve our agentic scanning engine.
- Provide expert remediation guidance to customer development teams and validate fixes through follow-up review.
- Work closely with our engineering teams to enhance our agentic code scanning pipeline and reduce false positives.
- Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape the service line's methodology, engagement playbooks, and scoping templates.

Qualifications

- 7+ years in application security or product security with a strong software development background.
- Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential.
- Experience delivering customer-facing or consulting-style engagements end-to-end, comfortable in a distributed remote organization.
- Expert-level Python backend stack: Django, Flask, FastAPI.
- Expert-level Node.js / TypeScript: Express, NestJS.
- Working knowledge of a front-end framework (React, Next.js, or Angular) and the ability to follow how auth, CSRF, and data move between the client and the API.
- Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals).
- Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings produced by automated and agentic analysis pipelines.
- Working knowledge of Python and JS packaging and dependency-resolution behaviors (pip/Poetry/uv; npm/pnpm/yarn) and the supply-chain failure modes specific to each.
- Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement.
- Experience with AI accelerated development / code scanning methodologies.

Benefits

- Equity & Rewards: Restricted Stock Units (RSUs), Employee Stock Purchase Plan (ESPP)
- Time Off & Wellbeing: Flexible time off, Paid company holidays and paid sick time, Gender-neutral parental leave, Grandparent leave
- Insurance & Financial Security: Medical, dental, and vision coverage, 401(k) retirement plan with company match, Life and disability insurance, Health and dependent care FSA, Voluntary benefits (hospital, accident, critical illness), Employee Assistance Program (EAP), ARAG pre-paid legal, Nationwide pet insurance, Cancer Care program, Global business travel medical insurance
- Work Perks & Flexibility: Home office allowance, Mobile phone reimbursement
- Wellness & Lifestyle: Wellness coach, Wellness/gym reimbursement, Fertility coverage, Adoption & surrogacy reimbursement

More DevOps Engineer Jobs

Sr. Staff Back-End AppSec Lead

SentinelOne

DevOps Engineer | 13 days ago
Full Time | Remote | Team 1,001-5,000 | Since 2013 | H1B Sponsor

Role Description

As a Sr. Staff Back-End AppSec Lead, you will be tasked with:

- Acting as a trusted advisor to customers by reviewing and validating AI-generated findings on Java and .NET back-end systems during high-stakes security engagements.
- Working directly with SentinelOne’s agentic code scanning pipeline to analyze vulnerabilities, apply expert human judgment, and communicate actionable results to both technical teams and executive stakeholders.
- Helping build and scale the Wayfinder Frontier AI Services practice by refining methodologies, improving AI-assisted exposure management workflows, and collaborating with elite offensive and defensive security experts.

What Will You Do?

Primary responsibilities include:

- Lead Wayfinder Frontier AI Services customer engagements end-to-end, scope the work, deliver the technical findings, and present results to executive and technical stakeholders.
- Review and triage findings from our agentic code scanning pipeline against customer Java and .NET codebases. Validate true positives, eliminate noise, and ensure every finding that reaches the customer is a decision they can act on.
- Conduct deep code review across Java and .NET code and common frameworks.
- Present findings to stakeholders, translate technical risk into business impact and map exposures into end-to-end exploitation chains.
- Author and maintain SAST rule packs that scale across the customer base, and partner with our AI/ML engineers to improve our agentic scanning engine.
- Provide expert remediation guidance to customer development teams and validate fixes through follow-up review.
- Work closely with our engineering teams to enhance our agentic code scanning pipeline and reduce false positives.
- Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape the service line's methodology, engagement playbooks, and scoping templates.

Qualifications

- 7+ years in application security or product security with a strong software development background.
- Proven track record translating complex findings into technical and executive-level debriefs. Excellent written and verbal communication is essential.
- Experience delivering customer-facing or consulting-style engagements end-to-end, comfortable in a distributed remote organization.
- Expert-level Java / Spring: you've identified and explained vulnerabilities at the framework level, not just the application level.
- Expert-level .NET Framework and ASP.NET Core, vulnerabilities and secure coding methodologies.
- Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals).
- Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings produced by automated and agentic analysis pipelines.
- Strong threat modeling experience throughout the secure SDLC.
- Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement.
- Experience with AI accelerated development / code scanning methodologies.

Benefits

- Equity & Rewards: Restricted Stock Units (RSUs), Employee Stock Purchase Plan (ESPP)
- Time Off & Wellbeing: Flexible time off, Paid company holidays and paid sick time, Gender-neutral parental leave, Grandparent leave
- Insurance & Financial Security: Medical, dental, and vision coverage, 401(k) retirement plan with company match, Life and disability insurance, Health and dependent care FSA, Voluntary benefits (hospital, accident, critical illness), Employee Assistance Program (EAP), ARAG pre-paid legal, Nationwide pet insurance, Cancer Care program, Global business travel medical insurance
- Work Perks & Flexibility: Home office allowance, Mobile phone reimbursement
- Wellness & Lifestyle: Wellness coach, Wellness/gym reimbursement, Fertility coverage, Adoption & surrogacy reimbursement

Base Salary Range

$184,000 - $235,000 USD

United States
$184K - $235K / year
DevOps Engineer | 13 days ago
Full Time | Remote | Team 1,001-5,000 | Since 1999

• Experience with cloud computing (AWS, GCP, OCI and/or Azure).
• Strong knowledge of Linux and systems administration.
• Experience with containerization, Kubernetes (k8s) and Helm.
• Knowledge of infrastructure as code (e.g., Terraform / Terragrunt / CloudFormation).
• Experience with CI/CD tools (e.g., Jenkins, GitHub Actions, Argo CD).
• Experience with web servers (Apache, Nginx).
• Scripting knowledge (Shell and/or Python).
• Cloud certifications (AWS, Azure, OCI and/or GCP).
• Knowledge of Grafana.
• Previous experience in high-scale environments.

Brazil
Full Time | Remote | Team 1,001-5,000 | Since 1999

- Ensure the availability, scalability and performance of applications and services;
- Implement and evolve **observability** practices, including metrics, logs and traces;
- Create and maintain **dashboards** for tracking system health indicators;
- Define and manage **alerting**, with a focus on efficient alerts and noise reduction;
- Work on identifying and resolving incidents, performing root cause analysis (RCA);
- Work together with development teams for continuous improvement (DevOps);
- Automate operational routines and monitoring processes;
- Support the definition and tracking of SLIs, SLOs and SLAs;
- Contribute to a culture of reliability and resilience engineering.

Brazil
Senior .NET Developer – DevOps

Extractta

EXTRACTTA | Information that generates Solutions

DevOps Engineer | 13 days ago
Full Time | Remote | Team 201-500 | Since 2005 | H1B No Sponsor

• Analyze, design, develop and implement high-quality software solutions;
• Work closely with the team ensuring continuous integration and continuous delivery (CI/CD);
• Actively participate in agile ceremonies, ensuring alignment between technical objectives and business goals;
• Develop and maintain applications using Microsoft technologies;
• Build and evolve APIs, WebServices and system integrations;
• Work on automation of pipelines and DevOps processes;
• Identify, analyze and resolve technical and operational issues;
• Ensure application stability, scalability and performance;
• Contribute to the continuous improvement of development and deployment processes;
• Work with cloud solutions, preferably Azure;
• Use code assistants and AI to accelerate feature development;
• Create effective prompts for code generation, refactoring and documentation;
• Critically validate code and suggestions generated by AI before approval;
• Ensure best practices for security and data privacy when using public and private AI

Brazil