Revenera helps product executives build better products, accelerate time to value and monetize what matters. Revenera's leading solutions help software and technology companies drive top line revenue with modern software monetization, understand usage and compliance with software usage analytics, empower the use of open source with software composition analysis and deliver an excellent user experiencefor embedded, on premises, cloud, and SaaS products.
As a
Senior Application Security Engineer, you will be a cornerstone of our Global Product Security organization. We don't just check boxeswe build paved roads. You will be responsible for securing a massive ecosystem that spans legacy on-prem C++ and C# applications to modern, cloud-native SaaS solutions built on Python, Go, and React. Your mission is to shift security left by empowering developers, not by being a bottleneck.
Key Responsibilities
- Secure Software Development Lifecycle (SSDLC): Design and integrate security gates into diverse CI/CD pipelines. You'll be responsible for making SAST/DAST/SCA results actionable for developers across different tech stacks.
- Strategic Threat Modeling: Lead deep-dive threat modeling sessions for high-risk features. You should be able to visualize attack vectors for both a monolithic C# app and a distributed React/Go architecture.
- Security Research & Remediation: Conduct targeted manual code reviews and internal penetration tests. When a vulnerability is found, you don't just drop a report; you provide the Gold Standard fix or library.
- Vulnerability Management: Triage bugs from our Bug Bounty program and automated scanners. You will help prioritize risks based on business impact and exploitability.
- Security Architecture: Consult with product teams during the design phase to ensure we are building in secure-by-default patterns (e.g., OIDC, mTLS, encryption at rest).
Preferred Qualifications
- 7+ years of experience in Application Security or Software Engineering.
- Proven track record of building Security Champions programs to scale security culture across large engineering orgs.
- Relevant certifications (e.g., OSCP, CASE, GWEB) or a history of CVEs/Bug Bounty hall-of-fame recognitions.
- Experience with infrastructure-as-code (Terraform/Pulumi) to automate security configurations.
The Culture Fit
We are looking for a
pragmatic expert. You understand that a Perfectly Secure product that never ships is a failure. You possess the soft skills to explain a complex SQL injection to a Product Manager and a Deep Buffer Overflow to a Senior C++ Developer without losing their trust.
Revenera is proud to be an equal opportunity employer. Qualified applicants will be considered for open roles regardless of age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by local/national laws, policies and/or regulations. Regarding disability, we encourage candidates requiring accommodations to please let us know by emailing [Confidential Information]
.
