.At Udemy, we're on a mission to transform lives through learning. Through our intelligent skills platform and a global community of instructors, we've helped over 70 million learners and 16,000 organizations achieve their goals. Come join us in ensuring everyone, everywhere has access to the skills they need to unlock their potential and create possibilities for themselves and others.This hybrid position requires two days per week in the office at the nearest hub.About YouYou're an analytical problem-solver ready to put your skills toward purposeful work that has a global impact. You want to lead the way in innovation, exploring the latest technologies and finding new solutions. You thrive in a collaborative environment and are eager to work with and learn alongside the best in Product, Design, and Engineering.About this roleAs a Senior Application Security Engineer, you will be pivotal in ensuring that security is woven into the fabric of our software development processes. You will collaborate closely with development teams to implement "developer-first" and "shift-left" approaches to security, enabling teams to build secure applications from the ground up. Leveraging your deep understanding of application security frameworks and principles, you will help instill a security-first mindset across the organization.Security and trust are vital to the Udemy business model and integral to product development.Partner with cross-functional Product Development and Engineering, Trust and Safety, and Data Science teams to help conceptualize and develop world-class solutions.Foster a community of security and privacy champions.What you'll be doingKey Responsibilities:Security Integration: Collaborate with development teams to integrate security practices into all phases of the software development lifecycle (SDLC) using "shift-left" principles.Developer Enablement: Advocate for and implement "developer-first" security tools and processes that empower developers to write secure code without sacrificing agility.Framework Expertise: Utilize your expertise in key application security frameworks (e.G., OWASP Top 10, SANS Top 25) to assess and enhance the security of our applications.Code Reviews: Conduct security-focused code reviews and provide actionable feedback to developers.Security Champions Program: Lead and expand our Security Champions program by identifying and mentoring developers across the organization to be security advocates.Vulnerability Management: Work with teams to identify, prioritize, and remediate security vulnerabilities in applications.Threat Modeling: Collaborate with teams to perform threat modeling, identifying potential security risks early in the development process.Red Teaming: Work in a proactive manner to continually test internal services for vulnerabilities and weaknesses. Consult with the corresponding product owners and engineering teams to prioritize and correct any issues identified