Staff Application Security Engineer

Join us on our mission to make a better world of work. 

Culture Amp is the world’s leading employee experience platform, revolutionizing how 25 million employees across more than 6,500 companies create a better world of work. Culture Amp empowers companies of all sizes and industries to transform employee engagement, drive performance management, and develop high-performing teams. Powered by people science and the most comprehensive employee dataset in the world, the most innovative companies including Canva, On, Asana, Dolby, McDonalds and Nasdaq depend on Culture Amp every day.

Culture Amp is backed by leading venture capital funds and has offices in the US, UK, Germany and Australia. Culture Amp has been recognized as one of the world’s top private cloud companies by Forbes and most innovative companies by Fast Company.

For more information visit cultureamp.com.

How you can help make a better world of work

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal role in shaping and elevating our application security posture across our global SaaS platform. You’ll be the technical authority for application security, partnering closely with engineering, product, and security teams to embed security best practices throughout the software development lifecycle. Your work will directly protect the data and trust of millions of users, enabling Culture Amp to deliver innovative, secure, and reliable employee experience solutions at scale.

You will drive the strategy and execution of application security initiatives, lead complex security reviews and threat modeling, and scale security through automation and developer enablement. As a senior technical leader, you’ll mentor engineers, influence cross-functional teams, and champion a culture of security awareness and continuous improvement. Your expertise will help us stay ahead of emerging threats, meet compliance requirements, and ensure that security is a core part of our product DNA.

As part of this team of amazing humans, you will

• Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members.
• Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps).
• Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale.
• Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures.
• Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues.
• Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning.
• Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP).
• Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp.
• Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community.

You have

• Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments.
• Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2).
• Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS).
• Strong knowledge of security automation, CI/CD integration, and DevSecOps practices.
• Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity.
• Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments.
• Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences.
• Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement.
• Familiarity with security-related compliance requirements and standards relevant to SaaS businesses.

You are

• A technical leader and trusted advisor, able to set direction and inspire others to raise the bar on security.
• Proactive, curious, and passionate about solving complex security challenges at scale.
• Collaborative and inclusive, thriving in cross-functional teams and valuing diverse perspectives.
• Committed to continuous learning, staying ahead of emerging threats and technologies.
• Driven by Culture Amp’s mission to create a better world of work, and excited to amplify our impact through secure, innovative technology.

We believe that our employees are the heartbeat of our success. We're committed to fostering a work environment that truly cares for and develops its people, and creates lasting positive impact. In addition to providing a competitive compensation package, some of the key benefits we offer are: 

• Employee Share Options Program: We empower you to be an owner in Culture Amp and share in our success
• Programs, coaching, and budgets to help you thrive personally and professionally
• Access to external providers for mental wellbeing and coaching support to sustain the wellbeing, safety and development of our people
• Monthly Camper Life Allowance: An automatic allowance paid out each month with your pay - you can spend it however you like to help improve your experience and life outside work
• Team budgets dedicated to team building activities and connection
• Intentional quarterly wellbeing pauses: A quarterly company-wide shutdown day in each region to to collectively pause, reset and focus on restoration and rest, without having to tap into individual vacation time
• Extended year-end breaks: An extended refresh period at the end of year
• Excellent parental leave and in work support program available from day 1 of joining Culture Amp
• 5 Social Impact Days a year to make a positive impact on the community outside of work
• MacBooks for you to do your best & a work from home office budget to spend on setting up your home office
• Medical insurance coverage for you and your family (Available for US & UK only) 

Additionally, we don't just focus on our internal community; we believe in creating a better world of work for all. We're committed to diversity, equity, and inclusion, with Employee Resource Groups and ally communities in place. 

We have a strong commitment to Anti-Racism, and endeavor to lead by example. Every step we make as a business towards anti-racism is another step we can take to support our customers in making a better world (of work). You can see our current commitments to Anti-Racism here.

Please keep reading...

Research shows that candidates from underrepresented backgrounds often don't apply for roles if they don't meet all the criteria – unlike majority candidates meeting significantly fewer requirements.

We strongly encourage you to apply if you’re interested: we'd love to know how you can amplify our team with your unique experience!

If you decide to apply, as part of your application, we will ask you to complete voluntary diversity questions (excluding roles in Germany). These questions are completely optional, but your participation truly helps. By sharing this anonymous information, you support our efforts to build a more inclusive and equitable hiring process—and help us hold ourselves accountable to that commitment. Your responses are entirely confidential and will not impact hiring decisions.

If you require reasonable accommodations or adjustments due to a disability to complete the online application or to participate in the interview process, please contact accommodations@cultureamp.com and identify the type of accommodation or assistance you are requesting. Do not include any medical or health information in this email. The Reasonable Accommodations team will respond to your email promptly. Culture Amp will retain your CV & personal information for a period of two years (four years for the US) from the date of your application process completion. Culture Amp may contact you in relation to future job opportunities during this time period. For further information please see our privacy policy here or contact privacy@cultureamp.com.