$100,000–$150,000 Per Year
About the role
Credo is seeking a Senior Application Security Engineer to join our Security Team. This role will be responsible for advancing the organization's Secure Software Development Lifecycle (Secure SDLC), identifying and mitigating application security risks, and partnering closely with software, firmware, and engineering teams throughout the development lifecycle.
The ideal candidate will possess strong expertise in application security, secure coding practices, threat modeling, vulnerability management, and DevSecOps. This individual will act as a security advisor to engineering teams and help drive security initiatives across software, firmware, cloud, and AI-enabled development environments.
Base salary range is $100,000 - $150,000 a year. The base salary offer will depend on factors such as education, experience, training, skills, qualifications, and location. This position is also eligible for a discretionary bonus, equity and a full range of medical and other benefits.
Why Credo
- Purpose: We invest in what matters. From meaningful, future-shaping projects to competitive compensation, we empower you to grow your career while making a lasting impact.
- People: Connection starts within. We collaborate, celebrate wins, and create an environment where everyone can do their best work.
- Possibilities: Our belief shapes what's next. Our technology powers the most reliable and energy-efficient connections around the world - and our team powers new products and markets that come next.
Responsibilities
Secure SDLC Implementation
- Implement and continuously improve the Secure Software Development Lifecycle (Secure SDLC) program.
- Partner with engineering leadership to embed security requirements into software and firmware development processes.
- Define security standards, secure coding guidelines, and security gates across the development lifecycle.
- Drive adoption of security-by-design principles across products and services.
Application Security
- Conduct application security reviews, architecture reviews, and threat modeling exercises.
- Perform source code reviews and security assessments of internally developed applications and products.
- Identify, assess, prioritize, and track remediation of application security vulnerabilities.
- Support penetration testing activities and coordinate remediation efforts with development teams.
- Evaluate security risks associated with new technologies, frameworks, and third-party components.
DevSecOps & Automation
- Implement and manage SAST, DAST, SCA, Secrets Scanning, Container Security, and CI/CD security controls.
- Collaborate with DevOps teams to automate security testing and vulnerability management processes.
Qualifications
Basic Qualifications
- 5+ years in application/product security with hands‑on work in secure design, threat modeling, code review, and vulnerability management.
- Secure SDLC leadership including 3+ years implementing or managing SDLC programs and partnering with engineering teams throughout the lifecycle.
- Strong application security expertise including secure coding principles, architecture reviews, API security, and remediation guidance.
- Technical depth in C, C++, and Python with experience reviewing and securing applications in these languages.
- DevSecOps and automation proficiency including GitHub/GitLab, CI/CD pipelines, SAST/DAST/SCA, container security, and security automation tooling.
- Cross‑functional communication with the ability to mentor developers, influence secure development practices, and support audits or customer assessments.
Preferred Qualifications
- Embedded and hardware security experience across semiconductor, networking, ASIC, or similar environments.
- Firmware and ASIC security, including securing embedded software and hardware‑adjacent applications.
- AI‑assisted development security and strong familiarity with secure AI usage patterns.
- Cloud security expertise across AWS, Azure, and GCP.
- Knowledge of security frameworks including STRIDE, NIST SSDF, NIST CSF, CIS Controls, and ISO 27001.
- Relevant certifications such as GWAPT or GIAC GWEB.
- Secure SDLC leadership with a track record of partnering with engineering leadership to improve product security.
About Credo
Credo's mission is to transform connectivity at scale through fast, reliable, and energy-efficient system solutions. Our high-speed copper and optical interconnect products deliver industry-leading power and performance at up to 1.6T to meet the ever-expanding data infrastructure demands of AI.
Our product portfolio includes ZeroFlap (ZF) Active Electrical Cables (AECs) and ZF optical transceivers, OmniConnect memory solutions, and a suite of retimers and DSPs for optical and copper Ethernet and PCIe, all leveraging the PILOT diagnostic and analytics software platform. Credo innovations enable our customers to connect the systems that connect the world.
Credo is committed to creating an inclusive environment for all employees and welcomes applicants from diverse backgrounds without regard to race, color, religion, gender, sex, sexual orientation, national origin, genetic information, age, disability, veteran status, or any other legally protected basis. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email people@credosemi.com.