Application Security Engineer

About Starburst

Starburst is the data platform for analytics, applications, and AI, unifying data across clouds and on-premises to accelerate AI innovation. Organizations—from startups to Fortune 500 enterprises in 60+ countries—rely on Starburst for fast data access, seamless collaboration, and enterprise-grade governance on an open hybrid data lakehouse. Wherever data lives, Starburst unlocks its full potential, powering data and AI from development to deployment. By future-proofing data architecture, Starburst helps businesses fuel innovation with AI.

About the Role:

As a Security Engineer focused on Application and Product Security, you will play a key role in improving the security posture of our applications, services, and development ecosystem. You will work closely with engineering teams to integrate security into the software development lifecycle, build secure-by-default patterns, and ensure that products are resilient against modern threats. This role combines hands-on technical work, security engineering, and collaboration with developers to guide secure design and remediation. You will help implement security controls, perform assessments, and contribute to the continuous improvement of our security program.

Responsibilities:

• Integrate application security best practices into the development lifecycle by partnering with engineering teams and enabling automated security checks within CI/CD pipelines.
• Support and maintain Application Security based tooling—including SAST, DAST, SCA, and secrets scanning—and help developers interpret and remediate findings.
• Conduct secure code reviews, threat modeling sessions, and application architecture assessments to identify risks and propose mitigation strategies.
• Develop and maintain security automation, guardrails, and reusable components.
• Assist in defining and improving secure coding standards and application hardening practices.
• Support monitoring and detection efforts by helping improve application-level logging, telemetry, and alerting.
• Assist in incident response activities related to application vulnerabilities, including verification, triage, and remediation support.
• Stay current on emerging threats, vulnerabilities, and best practices in application and product security.
• Contribute to documentation including security requirements, guidelines, and remediation playbooks.
• Participate in internal security reviews, compliance-driven assessments, and architectural walkthroughs.
• Develop and help maintain existing application security tools, pipelines, and workflows.
• Collaborate with engineering and product teams to ensure secure deployment and continuous improvement of applications.

Minimum Qualifications:

• Bachelor’s degree in Computer Science, Engineering, MIS, or equivalent practical experience.
• 2–5 years of experience in application security, product security, software engineering with a security focus, or a related technical role.
• Strong understanding of application vulnerabilities and mitigation strategies (OWASP Top 10, CWE).
• Experience with CI/CD tooling, Git-based workflows, and modern development practices.
• Familiarity with cloud security concepts and hands-on experience with at least one cloud platform (AWS, Azure, or GCP).
• Experience with one or more programming languages such as Python, Go, Java, JavaScript/Typescript, or Ruby. (Java and Python preferred.)
• Experience with application security tools such as OWASP ZAP, Burp Suite, SAST/DAST tools, SCA, or dependency scanning.
• Knowledge of secure coding principles, API security, authentication, authorization, and secrets management.
• Strong problem-solving skills and the ability to communicate technical issues clearly to developers and cross-functional stakeholders.
• Understanding of agile development processes and working within engineering teams.
• Ability to Travel: This role will require occasional in-person travel for purposes including but not limited to new hire onboarding, team and department offsites, customer engagements, and other company events. Actual travel expectations may vary by role and business needs.

Where could this role be based?

This role is based in our Boston office and follows a hybrid model, with an expectation of being onsite 1-2 days per week.

Build your career at Starburst

All-Stars have the opportunity and freedom to realize their true potential. By building alongside top talent, we’re empowered to take ownership of our careers and drive meaningful change. Anchored in industry-proven technology and unprecedented success, All-Stars are taking on the challenge everyday to disrupt our industry –  and the future. 

Our global workforce is supported by a competitive Total Rewards program that reflects our commitment to a rewarding and supportive work environment. This includes a variety of benefits like competitive pay, attractive stock grants, flexible paid time off, and more. 

We are committed to fostering an intentional, inclusive, and diverse culture that drives deep engagement, authentic belonging, and an exceptional All-Star experience. We believe that diversity of thought, perspective, background and experience will enable us to own what we do, drive our success and empower our All-Stars to show up authentically.

Starburst provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.