Glean - Application Security Engineer
Responsibilities
• Own and lead the vulnerability management lifecycle, ensuring our entire tech stack is free from known CVEs.
• Implement and manage secure base OS images, ensuring all underlying systems remain hardened against security threats.
• Continuously scan, monitor, and patch OSS dependencies to mitigate supply chain risks and enforce best practices for dependency management.
• Research and evaluate trusted open-source security solutions like Google’s Assured Open Source Software and recommend their adoption where applicable.
• Work closely with engineering teams to integrate state-of-the-art SAST, DAST, and dependency scanning tools into the CI/CD pipeline to detect and remediate vulnerabilities early.
• Define and maintain best practices for secure coding to ensure all code developed by Glean engineers is free from vulnerabilities.
• Develop automated security validation tests to enforce vulnerability-free deployments across the stack.
• Lead the adoption and, if necessary, develop custom security solutions to manage and mitigate security risks at scale.
• Provide security guidance, training, and mentorship to engineering teams to foster a security-first culture at Glean.
• BA/BS in Computer Science, Cybersecurity, or a related field (or equivalent industry experience).
• 5+ years of experience in application security and vulnerability management.
• Deep understanding of software security vulnerabilities, including CVEs, OWASP Top 10, and supply chain risks.
• Experience with SAST, DAST, dependency scanning, and vulnerability management tools (e.g., Snyk, GitHub Dependabot, Trivy, Clair, Burp Suite, OWASP ZAP).
• Strong familiarity with package managers (npm, pip, Maven, Go modules) and securing open-source dependencies.
• Coding experience in languages such as Go, Python, Java, or C++ to develop security test cases and tooling.
• Hands-on experience with cloud-native security best practices across AWS, GCP, or Azure.
• Knowledge of container security, Kubernetes security, and securing microservices architectures.
• Ability to lead cross-functional initiatives and drive security adoption within engineering teams.
• A strong proactive approach to security, identifying risks before they become problems.
• Excellent problem-solving skills and the ability to balance security with performance and usability.
• Experience working in fast-paced, highly collaborative environments where security is a shared responsibility.
• Passion for open-source security and keeping up with the latest trends in software vulnerability management.
• Location: This role is remote from the US.
Benefits
• The standard base salary range for this position is $153,000 - $238,000 annually. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation, equity, and benefits.
• We are a diverse bunch of people and we want to continue to attract and retain a diverse range of people into our organization. We're committed to an inclusive and diverse company. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.
• AI-First Mindset at Glean: At Glean, AI fluency is core to how we work and we're committed to ensuring every new hire feels confident integrating AI into their everyday work. As part of the interview process, you'll complete a brief AI-focused exercise or discussion so we can understand how you think about, design, and use AI to drive impact in your role. Feel free to reference any tools, platforms, or workflows you use today — prior Glean experience isn't required.
• Global Data Privacy Notice for Job Candidates and Applicants: Depending on your location, the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), or other privacy laws may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available in our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required. US applicants and their applications are subject to arbitration of disputes as outlined in our Applicant Arbitration Agreement.