Senior Application Security Engineer

About DataCamp DataCamp's mission is to empower everyone with the data and AI skills essential for 21st-century success. By providing practical, engaging learning experiences, DataCamp equips learners and organizations of all sizes to harness the power of data and AI. As a trusted partner to over 17 million learners and 6,000+ companies , including 80% of the Fortune 1000, DataCamp is leading the charge in addressing the critical data and AI skills shortage. About the role We are looking for a Senior Application Security Engineer to join our Engineering team and own the security posture of our software and development practices. This is a hands-on role for someone with a strong software engineering background who is genuinely passionate about security - not a traditional infosec role, but one that sits at the intersection of engineering and security. You will be our primary security expert embedded in the Engineering organization, acting as the first responder on security topics - from bug bounty programs and penetration testing to vulnerability management and security risk tracking. You will work closely with our engineering teams to embed security guardrails into our development workflows, including our growing AI-assisted and Agentic development practices. We are ISO 27001 certified and take our compliance obligations seriously. You will play a key role in ensuring our controls remain in place, evolving our security awareness program, and continuously improving the tools and practices that keep us ahead of the curve. About you At DataCamp, we seek individuals who embody our core values of data-driven decision-making, action, transparency, ownership, and customer focus. You thrive in a fast-paced, high-performing environment and are driven by a passion for making a meaningful impact. You're adaptable, embracing change and ambiguity with enthusiasm. Your initiative and entrepreneurial spirit push you beyond just meeting targets—you aim to understand the "why" behind our goals and take ownership to drive the business forward. You’re a collaborative team player who values transparency and always seeks to improve and innovate. If this sounds like you, we encourage you to apply! Responsibilities Own vulnerability management end-to-end: triage, prioritize, track, and drive remediation across the engineering organization Act as the first responder from Engineering on security topics, including bug bounty programs, penetration testing engagements, and security incidents Maintain and evolve our application security tooling (JFrog X-Ray, SonarCloud, OWASP ZAP) and integrate security checks into CI/CD pipelines Partner with engineering teams to embed security guardrails into development workflows - including AI-assisted and Agentic development practices Drive adoption of secure coding standards and OWASP best practices across the engineering organization (OWASP Top 10 for Web and API) Support and evolve our ISO 27001 compliance program, ensuring controls are in place, monitored, and continuously improved Run and evolve our annual security awareness training for developers Track and communicate security risks to engineering leadership and relevant stakeholders Evaluate and adopt new security tools and practices as the threat landscape and our technology evolve Qualifications 6+ years of software engineering or application security experience, with a strong coding background - you can read, write, and review code across multiple languages Strong TypeScript/Node.js experience; good knowledge of Ruby on Rails, React, Kubernetes, and AWS Deep understanding of application security concepts: OWASP Top 10 (Web and API), vulnerability management, secure SDLC, and threat modeling Hands-on experience with application security tooling such as SAST, DAST, and SCA - experience with JFrog X-Ray, SonarCloud, or OWASP ZAP is a plus Experience coordinating or participating in bug bounty programs and penetration testing engageme ... (truncated, view full listing at source)