Senior Application Security Engineer

About DataCamp

DataCamp's mission is to empower everyone with the data and AI skills essential for 21st-century success. By providing practical, engaging learning experiences, DataCamp equips learners and organizations of all sizes to harness the power of data and AI. As a trusted partner to over 17 million learners and 6,000+ companies, including 80% of the Fortune 1000, DataCamp is leading the charge in addressing the critical data and AI skills shortage.

About the role

We are looking for a Senior Application Security Engineer to join our Engineering team and own the security posture of our software and development practices. This is a hands-on role for someone with a strong software engineering background who is genuinely passionate about security - not a traditional infosec role, but one that sits at the intersection of engineering and security.

You will be our primary security expert embedded in the Engineering organization, acting as the first responder on security topics - from bug bounty programs and penetration testing to vulnerability management and security risk tracking. You will work closely with our engineering teams to embed security guardrails into our development workflows, including our growing AI-assisted and Agentic development practices.

We are ISO 27001 certified and take our compliance obligations seriously. You will play a key role in ensuring our controls remain in place, evolving our security awareness program, and continuously improving the tools and practices that keep us ahead of the curve.

About you

At DataCamp, we seek individuals who embody our core values of data-driven decision-making, action, transparency, ownership, and customer focus. You thrive in a fast-paced, high-performing environment and are driven by a passion for making a meaningful impact. You're adaptable, embracing change and ambiguity with enthusiasm. Your initiative and entrepreneurial spirit push you beyond just meeting targets—you aim to understand the "why" behind our goals and take ownership to drive the business forward. You’re a collaborative team player who values transparency and always seeks to improve and innovate. If this sounds like you, we encourage you to apply!

Responsibilities

• Own vulnerability management end-to-end: triage, prioritize, track, and drive remediation across the engineering organization
• Act as the first responder from Engineering on security topics, including bug bounty programs, penetration testing engagements, and security incidents
• Maintain and evolve our application security tooling (JFrog X-Ray, SonarCloud, OWASP ZAP) and integrate security checks into CI/CD pipelines
• Partner with engineering teams to embed security guardrails into development workflows - including AI-assisted and Agentic development practices
• Drive adoption of secure coding standards and OWASP best practices across the engineering organization (OWASP Top 10 for Web and API)
• Support and evolve our ISO 27001 compliance program, ensuring controls are in place, monitored, and continuously improved
• Run and evolve our annual security awareness training for developers
• Track and communicate security risks to engineering leadership and relevant stakeholders
• Evaluate and adopt new security tools and practices as the threat landscape and our technology evolve

Qualifications

• 6+ years of software engineering or application security experience, with a strong coding background - you can read, write, and review code across multiple languages
• Strong TypeScript/Node.js experience; good knowledge of Ruby on Rails, React, Kubernetes, and AWS
• Deep understanding of application security concepts: OWASP Top 10 (Web and API), vulnerability management, secure SDLC, and threat modeling
• Hands-on experience with application security tooling such as SAST, DAST, and SCA - experience with JFrog X-Ray, SonarCloud, or OWASP ZAP is a plus
• Experience coordinating or participating in bug bounty programs and penetration testing engagements
• Experience working within ISO 27001 or similar compliance frameworks - experience with compliance monitoring tools (e.g., Vanta) is a plus
• Experience integrating security practices into CI/CD pipelines and developer workflows
• Able to take a security initiative from problem identification through to implementation - you drive things to completion and don't wait to be pushed
• Already working with AI-assisted development tools (e.g., Claude Code, Cursor) in your day-to-day workflow, with solid understanding of AI Engineering concepts and Agentic systems - including the security implications they introduce
• Strong communication skills - you can explain complex security topics to engineers and non-technical stakeholders alike
• Comfortable working across engineering teams without direct authority - you communicate security risks clearly and pragmatically, without blocking delivery

Why Datacamp? 

Joining DataCamp means becoming part of a dynamic, creative, and international start-up. Here are just a few of the reasons why you’ll love being on our team:

• Exciting challenges: Face new technical challenges daily, keeping your work engaging and rewarding.
• Competitive compensation: We offer a competitive salary with attractive benefits.
• Flexibility: Benefit from flexible working hours because the future is flexible! 
• Continuous learning: Access a yearly learning budget for conferences & training to support your professional growth.
• Global retreats: Participate in international company retreats, fostering a global team spirit.
• Equipment: Yearly refreshment of your IT Equipment budget for your home working setup.
• Amazing team: Collaborate with a truly exceptional team—seriously, we’re awesome!