Senior Application Security Engineer

Your Title: Senior Application Security Engineer

Job Location: UK - Remote, Germany - Remote, Poland - Remote OR Romania - Remote

About the Role:

Trimble is seeking a highly experienced and passionate Senior Application Security Engineer to lead our Software Composition Analysis (SCA) and Static Application Security Testing (SAST) initiatives, with a primary focus on driving the strategic implementation and optimization of our SCA tool. This is a pivotal, corporate-level role for an individual who isn't just an expert in application security tooling but is also a visionary leader capable of shaping our organization's approach to open-source security and secure development practices across a global engineering footprint.

You'll be instrumental in evolving our application security posture, acting as a subject matter expert and a champion for best practices within our diverse engineering teams. Your deep technical expertise, combined with strong communication and leadership skills, will enable us to maximize the value derived from our SCA tool investment and further embed security into our software development lifecycle. This role requires the ability to drive strategy and solutions that benefit the vast majority of our engineering teams, ensuring scalable and effective security measures before addressing niche requirements.

Key Responsibilities:

• SCA and SAST Leadership & Global Strategy:

  • Serve as the primary technical lead and subject matter expert for SCA across Trimble, including SAST (if applicable);

  • Drive the strategic vision, roadmap, and continuous improvement of our SCA implementation at an enterprise level, focusing on solutions that scale to 99% of our engineering teams globally;

  • Lead the integration of SCA into our CI/CD pipelines, build systems, and development workflows for various technology stacks (e.g., .NET, Java, Python, JavaScript, Go, etc.);

  • Optimize our SCA policies, rules, and configurations to reduce false positives, increase accuracy, and align with Trimble's risk appetite across diverse product portfolios;

  • Develop and implement strategies for managing and remediating open-source vulnerabilities and license compliance issues identified by our SCA tool, considering the varied needs of a global organization;

  • Champion the adoption of SCA across all development teams through scalable training programs, comprehensive documentation, and strategic support models;

  • Stay current with our SCA tools features, updates, and best practices, proactively recommending and implementing enhancements that benefit the broader engineering organization.

• Application Security Program Enhancement:

  • Collaborate with development teams, architects, and product owners globally to embed security best practices throughout the SDLC;

  • Provide expert guidance and hands-on support for vulnerability remediation efforts across various applications;

  • Develop and deliver security training and awareness programs tailored to developer needs at scale, with a strong focus on SCA and SAST;

  • Contribute to the selection, evaluation, and implementation of other application security tools and processes as needed;

  • Participate in security reviews, threat modeling, and architecture discussions to identify and mitigate security risks early in the development process;

  • Advise on secure coding guidelines and standards.

• Operational Excellence:

  • Establish and report on key metrics and KPIs related to SCA and SAST program effectiveness for the entire organization;

  • Automate security processes and tooling where possible to improve efficiency and scalability;

  • Respond to security incidents related to application vulnerabilities and provide expert analysis and remediation guidance;

  • Mentor junior security engineers and provide technical leadership within the security team.

Required Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience;

• 5+ years of progressive experience in application security, with a strong focus on secure software development lifecycle (SSDLC);

• Demonstrable expert-level experience (5+ years) specifically implementing, configuring, tuning, and optimizing SCA for large, complex organizations. This includes deep expertise with SCA and a strong understanding of its integration capabilities;

• Proven experience with other SAST tooling (e.g., Checkmarx, SonarQube, Fortify, Veracode) and a strong understanding of their principles and challenges;

• Hands-on experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Azure DevOps, GitLab CI, GitHub Actions);

• Strong understanding of common application security vulnerabilities (OWASP Top 10, CWE) and their exploitation and remediation;

• Proficiency in at least one major programming language (e.g., Java, C#, Python, JavaScript, Go);

• Experience working in agile development environments;

• Exceptional communication, presentation, and interpersonal skills, with the ability to articulate complex technical concepts and strategic initiatives to a wide (global) audience of engineers and product owners;

• Proven ability to drive strategy and influence change at an organizational level, focusing on broad solutions that impact a significant majority of engineering teams;

• Proven ability to lead and influence cross-functional teams without direct authority.

About Trimble:

Trimble is transforming the way the world works by delivering products and services that connect the physical and digital worlds. Core technologies in positioning, modeling, connectivity and data analytics enable customers to improve productivity, quality, safety and sustainability. From purpose built products to enterprise lifecycle solutions, Trimble software, hardware and services are transforming a broad range of industries such as agriculture, construction, geospatial and transportation and logistics.

How to Apply: Please submit an online application for this position by clicking on the ‘Apply Now’ button located in this posting.

Posting Date

Application Deadline: Applications could be accepted until at least 30 days from the posting date.

Join a Values-Driven Team: Belong, Grow, Innovate.

At Trimble, our core values of Belong, Grow, and Innovate aren't just words—they're the foundation of our culture. We foster an environment where you are seen, heard, and valued (Belong); where you have an opportunity to build a career and drive our collective growth (Grow); and where your innovative ideas shape the future (Innovate). We believe in empowering local teams to create impactful strategies, ensuring our global vision resonates with every individual. Become part of a team where your contributions truly matter.

Trimble’s Privacy Policy

If you need assistance or would like to request an accommodation in connection with the application process, please contact AskPX@px.trimble.com.