Sr. Staff Software Engineer (Application Security) (Remote - US)

We are committed to a culture where all employees are included, belong, and have equal opportunity to achieve their full potential. Come make a difference with us!

Learn more about BNSF and our Benefits

Job Location: REMOTE
Other Potential Locations: Remote US
Anticipated Start Date: 06/16/2025
Number of Positions: 1
Salary Range: $243,750 - $406,250

The US base salary range for this full-time position is $243,750 - $406,250 plus bonus eligibility and other elements of our total rewards package. The range represents the amount BNSF | tech reasonably expects to pay based on the role's level, scope, and responsibilities. Individual compensation will be determined by factors including location, skills, experience, and education. In addition to base pay, BNSF offers a comprehensive benefits package.

Apply early as this job may be filled or removed prior to the closing date, approximately seven days after posting.

The bnsf | tech department drives innovation and efficiency by developing advanced technological solutions, supporting critical applications, and enhancing cybersecurity. Their expertise ensures robust IT infrastructure, enabling BNSF to deliver reliable transportation services.

This is a full-time position. Our leaders foster a culture that values work-life balance, flexibility, and respect for life events.

We are seeking a talented Application Security Engineer to join our security team. This role focuses on securing web, mobile, and cloud applications through threat modeling, code reviews, penetration testing, and collaboration with developers to promote secure coding practices.

As a Sr Staff Application Security Engineer, you will:

• Lead the design, implementation, and maintenance of application security tools and systems.
• Conduct security assessments and identify vulnerabilities.
• Collaborate with development teams to integrate security into the SDLC.
• Perform static and dynamic code analysis.
• Develop and maintain automated security testing tools.
• Participate in threat modeling and architecture reviews.
• Manage remediation of security issues.
• Stay current with security threats and technologies.
• Provide technical leadership and mentorship.
• Ensure compliance with industry standards and regulations.

Basic Qualifications:

• Authorized to work in the US.
• Bachelor’s degree in Computer Science, Engineering, Cybersecurity, or related field.
• 10+ years of experience in application development or security.
• Knowledge of application vulnerabilities (OWASP Top 10, CWE).
• Proficiency in programming languages (e.g., Java, Python, JavaScript).
• Experience with security tools (SAST, DAST, IAST, SCA, Burp Suite).
• Strong communication skills and cross-functional collaboration.

• Fluency in multiple technology stacks and expertise in areas like C, C++, Java, J2EE, etc.
• Experience with CI/CD and Infrastructure as Code.
• Problem-solving skills and DevSecOps experience.
• Understanding of SSDLC.

Preferred Qualifications:

• Future employment authorization commitments.
• Knowledge in mTLS, OpenID Connect, enterprise RDBMS, OS platforms, Java API development, iOS applications, ESB technologies.
• Security certifications (e.g., OSCP, CISSP).
• Knowledge of container, Kubernetes, and cloud security (AWS, Azure, GCP).

Benefits include:

• 401(k) and Railroad Retirement.
• Health care options, HSA, life and disability insurance.
• Family benefits, discounts, bonuses, and generous leave policies.
• More info at Benefits.

Please review our FAQ and Hiring Process for more info. All positions require background checks, medical review, and drug testing. For secure areas, TWIC card is required. More info at https://www.tsa.gov/for-industry/twic.

BNSF Railway is an Equal Opportunity Employer, considering all qualified applicants regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.