Senior Application Security Engineer

Senior Application Security Engineer page is loaded

Apply locations UK - Remote Germany - Remote Romania - Remote Poland - Remote time type Full time posted on Posted Yesterday job requisition id R51049

Your Title: Senior Application Security Engineer

Job Location: UK - Remote, Germany - Remote, Poland - Remote OR Romania - Remote

About the Role:

Trimble is seeking a highly experienced and passionate Senior Application Security Engineer to lead our Software Composition Analysis (SCA) and Static Application Security Testing (SAST) initiatives, with a primary focus on driving the strategic implementation and optimization of our SCA tool. This is a pivotal, corporate-level role for an individual who isn't just an expert in application security tooling but is also a visionary leader capable of shaping our organization's approach to open-source security and secure development practices across a global engineering footprint.

You'll be instrumental in evolving our application security posture, acting as a subject matter expert and a champion for best practices within our diverse engineering teams. Your deep technical expertise, combined with strong communication and leadership skills, will enable us to maximize the value derived from our SCA tool investment and further embed security into our software development lifecycle. This role requires the ability to drive strategy and solutions that benefit the vast majority of our engineering teams , ensuring scalable and effective security measures before addressing niche requirements.

Key Responsibilities:

• SCA and SAST Leadership & Global Strategy:

  • Serve as the primary technical lead and subject matter expert for SCA across Trimble, including SAST (if applicable);

  • Drive the strategic vision, roadmap, and continuous improvement of our SCA implementation at an enterprise level, focusing on solutions that scale to 99% of our engineering teams globally;

  • Lead the integration of SCA into our CI/CD pipelines, build systems, and development workflows for various technology stacks (e.g., .NET, Java, Python, JavaScript, Go, etc.);

  • Optimize our SCA policies, rules, and configurations to reduce false positives, increase accuracy, and align with Trimble's risk appetite across diverse product portfolios;

  • Develop and implement strategies for managing and remediating open-source vulnerabilities and license compliance issues identified by our SCA tool, considering the varied needs of a global organization;

  • Champion the adoption of SCA across all development teams through scalable training programs, comprehensive documentation, and strategic support models;

  • Stay current with our SCA tools features, updates, and best practices, proactively recommending and implementing enhancements that benefit the broader engineering organization.

• Application Security Program Enhancement:

  • Collaborate with development teams, architects, and product owners globally to embed security best practices throughout the SDLC;

  • Provide expert guidance and hands-on support for vulnerability remediation efforts across various applications;

  • Develop and deliver security training and awareness programs tailored to developer needs at scale, with a strong focus on SCA and SAST;

  • Contribute to the selection, evaluation, and implementation of other application security tools and processes as needed;

  • Participate in security reviews, threat modeling, and architecture discussions to identify and mitigate security risks early in the development process;

  • Advise on secure coding guidelines and standards.

• Operational Excellence:

  • Establish and report on key metrics and KPIs related to SCA and SAST program effectiveness for the entire organization;

  • Automate security processes and tooling where possible to improve efficiency and scalability;

  • Respond to security incidents related to application vulnerabilities and provide expert analysis and remediation guidance;

  • Mentor junior security engineers and provide technical leadership within the security team.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience;

• 5+ years of progressive experience in application security, with a strong focus on secure software development lifecycle (SSDLC);

• Demonstrable expert-level experience (5+ years) specifically implementing, configuring, tuning, and optimizing SCA for large, complex organizations. This includes deep expertise with SCA and a strong understanding of its integration capabilities;

• Proven experience with other SAST tooling (e.g., Checkmarx, SonarQube, Fortify, Veracode) and a strong understanding of their principles and challenges;

• Hands-on experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Azure DevOps, GitLab CI, GitHub Actions);

• Strong understanding of common application security vulnerabilities (OWASP Top 10, CWE) and their exploitation and remediation;

• Proficiency in at least one major programming language (e.g., Java, C#, Python, JavaScript, Go);

• Experience working in agile development environments;

• Exceptional communication, presentation, and interpersonal skills, with the ability to articulate complex technical concepts and strategic initiatives to a wide (global) audience of engineers and product owners;

• Proven ability to drive strategy and influence change at an organizational level, focusing on broad solutions that impact a significant majority of engineering teams;

• Proven ability to lead and influence cross-functional teams without direct authority.

About Trimble:

Trimble is transforming the way the world works by delivering products and services that connect the physical and digital worlds. Core technologies in positioning, modeling, connectivity and data analytics enable customers to improve productivity, quality, safety and sustainability. From purpose built products to enterprise lifecycle solutions, Trimble software, hardware and services are transforming a broad range of industries such as agriculture, construction, geospatial and transportation and logistics.

Trimble’s Inclusiveness Commitment

We believe in celebrating our differences. That is why our diversity is our strength. To us, that means actively participating in opportunities to be inclusive. Diversity, Equity, and Inclusion have guided our current success while also moving our desire to improve. We actively seek to add members to our community who represent our customers and the places we live and work.

We have programs in place to make sure our people are seen, heard, and welcomed and most importantly that they know they belong, no matter who they are or where they are coming from.

Trimble is proud to be an Equal Opportunity and Affirmative Action Employer and considers qualified applicants for employment without regard to race, gender, age, color, religion, national origin, marital status, disability, sexual orientation,status as a covered veteran in accordance with applicable federal, state and local laws, or any other protected factor. EOE/M/F/V/D

Trimble’s Privacy Policy