Senior Application Security Engineer

Burlington, MA, US, 01803

Technology Office

Job Purpose

As a member of the Application Security team, the Senior Application Security Engineer works closely with software engineers, architects, product management and others to help integrate tools into their build/development environments and ensure consistent application of security controls across the product portfolio. This person should be familiar with Secure Development practices and have experience helping product teams adopt these activities.


We seek a top-performing technical leader with the passion, experience and gravitas to effectively lead and contribute to this critical technology function. The ideal candidate will be a high-energy, team-oriented, customer-driven problem solver with prior experience building secure software for enterprises.

Main Duties

  • Roll out tools and services to all Sophos product teams.
  • Design and implement frameworks and features that are instrumental in securing Sophos software and systems.
  • Guide teams in the adoption of Secure Development activities (training, threat modeling, static/dynamic analysis).
  • Participate in planning and architecture sessions with engineering management, architects, operations, and development team leads.
  • Help teams integrate fuzzing into their test environments.
  • Help product teams move to a DevSecOps way of performing application security.


Skills & Experience


  • Solid understanding of software development principles.
  • Solid understanding of fuzzing.
  • Excellent analytical and troubleshooting skills and a demonstrated ability to investigate and solve complex problems, including solving critical production issues in complex systems and determining their root causes.
  • Technical acumen to lead the creation of both system-level and service-level designs in collaboration with other technical experts.
  • Familiarity with Threat Modeling and Secure Development in general.
  • Understanding of how to build tools, frameworks and services that will be consumed by other development teams.
  • Solid understanding of common vulnerabilities (OWASP Top 10, SANS Top 25).
  • Strong scripting skills to help integrate tools and other systems.
  • Strong Linux/Unix systems experience.
  • Exceptionally strong written and verbal communication skills, as well as good interpersonal and organizational skills.


  • Security-related professional certification (CISSP, OSCP, etc.).
  • Experience with Agile software development methodologies.
  • Experience working with CI/CD pipeline tools like Jenkins, Terraform, etc.
  • Experience presenting research material at security conferences.
  • Contributions to open-source security projects and/or publications.

Equal Opportunities

Sophos is committed to equal opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.

If you choose to explore this opportunity, and subsequently share your CV or other personal details with Sophos, these details will be held by Sophos for 12 months in accordance with our Privacy Policy and used by our recruitment team to contact you regarding this or other relevant opportunities at Sophos. If you would like Sophos to delete or update your details at any time, please follow the steps set out in the Privacy Policy describing your individual rights. If you have any questions about Sophos’ data protection practices, please contact dataprotection@sophos.com.

At Sophos, we want every organization to be protected by innovative, next-generation IT security, even those who don't have a huge IT staff. We protect organizations of all sizes, all around the world by making enterprise-grade security that is simple to deploy, manage, and use. It is our passion, and something we are truly proud of.