Application Security Engineer

Position Overview

Our team of security experts helps Autodesk design, build, deploy and maintain secure products. We are embedding security in the full spectrum of how we build our products from inception, design, development, testing to how we are running them in the cloud as well as how we are responding to any existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customer’s data and their investment in our products by strengthening our applications, underlying services and network.  

As part of this team, you will help strengthen Autodesk’s products by improving the security of our software supply chain. You will work closely with product and platform teams to increase visibility into third-party and open-source dependencies, standardize the use of Software Composition Analysis and SBOMs, and integrate supply chain security controls into build and delivery pipelines. Come practice and grow your product security expertise at scale while helping keep Autodesk one step ahead of emerging supply chain threats. 

Responsibilities  

• Support Autodesk’s software supply chain security program by helping identify, assess, and reduce risk from third-party and open-source dependencies. 

• Assist with the onboarding, operation, and continuous improvement of Software Composition Analysis (SCA) tools across Autodesk products and services. 

• Work with engineering teams to generate, review, and maintain Software Bills of Materials (SBOMs) and improve visibility into dependency usage. 

• Triage and analyze vulnerability findings from SCA tools (e.g., Snyk, Dependabot), validate impact, and partner with product teams on remediation strategies. 

• Help integrate supply chain security controls into CI/CD pipelines and developer workflows to support “secure by default” practices. 

• Develop scripts and automation to support dependency analysis, reporting, and security workflows. 

• Contribute to documentation, standards, and best practices related to dependency management, open-source usage, and secure software development. 

Minimum Qualifications 

• Foundational understanding of application security and software development practices. 

• Familiarity with software supply chain security concepts such as open-source risk, dependency management, and SBOMs. 

• Experience using or supporting Software Composition Analysis (SCA) tools such as Snyk, Dependabot, or similar. 

• Basic scripting or automation experience in a language such as Python, Golang, or equivalent. 

• Familiarity with CI/CD pipelines and modern development workflows (e.g., Git-based version control). 

• Demonstrates strong ownership, curiosity, and willingness to learn in a collaborative environment. 

Preferred Qualifications 

• Bachelor’s in computer science, Information Security, or equivalent professional experience.   

• Hands-on experience generating or consuming SBOMs (e.g., SPDX, CycloneDX). 

• Experience automating security or development workflows using Python or similar scripting languages. 

• Familiarity with vulnerability management processes and remediation prioritization. 

• Exposure to cloud-native or containerized environments. 

• Strong communication skills and comfort working with developers and security stakeholders. 

#LI-PJ1