.At Udemy, we're on a mission to transform lives through learning. Through our intelligent skills platform and a global community of instructors, we've helped over 70 million learners and 16,000 organizations achieve their goals. Come join us in ensuring everyone, everywhere has access to the skills they need to unlock their potential and create possibilities for themselves and others.Udemy is headquartered in San Francisco with global offices in Australia, India, Ireland, Türkiye, and other US locations. Our robust hybrid work model spans San Francisco, Denver, Ankara, Dublin, Mexico City, and Melbourne.This hybrid position requires two days per week in the office at the nearest hub.About YouYou're an analytical problem-solver ready to put your skills toward purposeful work that has a global impact. You want to lead the way in innovation, exploring the latest technologies and finding new solutions. You thrive in a collaborative environment and are eager to work with and learn alongside the best in Product, Design, and Engineering.About this roleAs an Application Security Engineer, you will be pivotal in ensuring that security is woven into the fabric of our software development processes. You will collaborate closely with development teams to implement "developer-first" and "shift-left" approaches to security, enabling teams to build secure applications from the ground up. Leveraging your deep understanding of application security frameworks and principles, you will help instill a security-first mindset across the organization.What you'll be doingKey Responsibilities:Security Integration: Collaborate with development teams to integrate security practices into all phases of the software development lifecycle (SDLC) using "shift-left" principles.Developer Enablement: Advocate for and implement "developer-first" security tools and processes that empower developers to write secure code without sacrificing agility.Framework Expertise: Utilize your expertise in key application security frameworks (e.G., OWASP Top 10, SANS Top 25) to assess and enhance the security of our applications.Code Reviews: Conduct security-focused code reviews and provide actionable feedback to developers.Security Champions Program: Lead and expand our Security Champions program by identifying and mentoring developers across the organization to be security advocates.Vulnerability Management: Work with teams to identify, prioritize, and remediate security vulnerabilities in applications.Threat Modeling: Collaborate with teams to perform threat modeling, identifying potential security risks early in the development process.Red Teaming: Work in a proactive and non-destructive manner to continually test internal services for vulnerabilities and weaknesses. Consult with the corresponding product owners and engineering teams to prioritize and correct any issues identified