Why This Job is Featured on The SaaS Jobs
Application Security Engineering is becoming a core discipline in modern SaaS, where continuous delivery, cloud-native infrastructure, and heavy reliance on open-source libraries expand the attack surface. This role stands out for its emphasis on end-to-end vulnerability management across base OS images, OSS dependencies, and release pipelines, reflecting the realities of securing a product that ships frequently and runs at scale.
For a long-term SaaS security career, the work maps closely to the problems that recur across companies: building a repeatable CVE lifecycle, integrating SAST and DAST into CI/CD, and reducing software supply chain risk without blocking engineering throughput. Experience with dependency governance, automated security validation, and secure SDLC practices tends to transfer well into platform security, product security, and security engineering leadership tracks in SaaS organisations.
The position is best suited to an engineer who prefers systematic, automation-first security work and can partner with multiple engineering teams to influence day-to-day development practices. It will appeal to someone comfortable balancing rigor with pragmatism, and who wants a hybrid setup in Bangalore while staying close to the tooling and workflows that drive SaaS delivery.
The section above is editorial commentary from The SaaS Jobs, provided to help SaaS professionals understand the role in a broader industry context.
Job Description
About the Role:
Glean is looking for an Application Security Engineer with a primary focus on ensuring that our entire technology stack is free of software vulnerabilities (CVEs). This role is responsible for securing our base OS images, ensuring all open-source software (OSS) dependencies are scanned and patched, and integrating cutting-edge security tools into our CI/CD pipeline. The ideal candidate will drive the adoption of solutions like Google’s Assured Open Source Software (OSS) and explore alternative approaches to enhance software security.
You will:
- Implement and improve the vulnerability management lifecycle, ensuring our entire tech stack is free from known vulnerabilities/CVEs.
- Continuously scan, monitor, and patch OSS dependencies to mitigate supply chain risks and enforce best practices for dependency management.
- Work closely with engineering teams to integrate state-of-the-art SAST, DAST, and dependency scanning tools into the CI/CD pipeline to detect and remediate vulnerabilities early.
- Define and maintain best practices for secure coding to ensure all code developed by Glean engineers is free from vulnerabilities.
- Ensure a secure posture in the SDLC by securing designs, conducting secure code reviews, and penetration testing features.
- Develop automated security validation tests to enforce vulnerability-free deployments across the stack.
- Lead the adoption and, if necessary, develop custom security solutions to manage and mitigate security risks at scale.
- Provide security guidance, training, and mentorship to engineering teams to foster a security-first culture at Glean.
About you:
- BA/BS in Computer Science, Cybersecurity, or a related field (or equivalent industry experience).
- 3+ years of experience in application security and vulnerability management.
- Deep understanding of software security vulnerabilities, including CVEs, OWASP Top 10, and supply chain risks.
- Deep understanding of security design principles, including but not limited to authentication, authorisation, RBAC, and database security.
- Experience with SAST, DAST, dependency scanning, and vulnerability management tools (e.g., Snyk, GitHub Dependabot, Trivy, Clair, Burp Suite, OWASP ZAP).
- Strong familiarity with package managers (npm, pip, Maven, Go modules) and securing open-source dependencies.
- Coding experience in languages such as Go, Python, Java, or C++ to develop security test cases and tooling.
- Hands-on experience with cloud-native security best practices across AWS, GCP, or Azure.
- Knowledge of container security, Kubernetes security, and securing microservices architectures.
- Ability to lead cross-functional initiatives and drive security adoption within engineering teams.
- A strong proactive approach to security, identifying risks before they become problems.
- Excellent problem-solving skills and the ability to balance security with performance and usability.
- Experience working in fast-paced, highly collaborative environments where security is a shared responsibility.
- Passion for open-source security and keeping up with the latest trends in software vulnerability management.
Location:
- This role is hybrid (3 days a week in our Bangalore office)
Compensation & Benefits:
Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation, equity, and benefits.
We are a diverse bunch of people and we want to continue to attract and retain a diverse range of people into our organization. We're committed to an inclusive and diverse company. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.