Senior AppSec Engineer – Cloud, API & Software Supply Chain

Who We Are

Applied Materials is a global leader in materials engineering solutions used to produce virtually every new chip and advanced display in the world. We design build and service cutting-edge equipment that helps our customers manufacture display and semiconductor chips the brains of devices we use every day. As the foundation of the global electronics industry Applied enables the exciting technologies that literally connect our world like AI and IoT. If you want to push the boundaries of materials science and engineering to create next generation technology join us to deliver material innovation that changes the world.

What We Offer

Location:

Youll benefit from a supportive work culture that encourages you to learn develop and grow your career as you take on challenges and drive innovative solutions for our customers. We empower our team to push the boundaries of what is possiblewhile learning every day in a supportive leading global company. Visit our Careers website to learn more.

At Applied Materials we care about the health and wellbeing of our employees. Were committed to providing programs and support that encourage personal and professional growth and care for you at work at home or wherever you may go. Learn more about our benefits.

Role Summary

We are looking for a highly motivated Senior Application Security Engineer to join our Application Security team. This role will focus on securing modern cloud-native applications with emphasis on API security Infrastructure as Code (IaC) containerized workloads and Open-Source Software (OSS) security.

The ideal candidate will work closely with engineering platform and product teams to embed security into the SDLC and enable secure-by-design development practices on a scale.

Key Responsibilities

Application & API Security

• Establish and mature an API security program including tools processes governance standards and best practices
• Define secure API design guidelines aligned with OWASP API Top 10 and industry standards
• Evaluate and integrate API security tools into the SDLC and CI/CD pipelines
• Partner with engineering teams to embed secure-by-design API patterns
• Guide implementation of API authentication and authorization controls (OAuth2 OIDC JWT mTLS)

Infrastructure as Code (IaC) Security

• Review and assess IaC templates (Terraform ARM CloudFormation etc.) for security misconfigurations
• Define and maintain secure IaC guardrails and policies
• Integrate IaC security scanning into CI/CD pipelines
• Partner with cloud and platform teams to remediate infrastructure risks early in the lifecycle

Container & Kubernetes Security

• Assess container images for vulnerabilities misconfigurations and insecure base images
• Review Kubernetes manifests Helm charts and deployment configurations
• Advice on runtime security controls least privilege and workload isolation
• Support adoption of container security best practices across development teams

Open-Source Software (OSS) Security

• Manage open-source risk including vulnerabilities licensing and supply-chain threats
• Support and tune SCA (Software Composition Analysis) tools
• Drive remediation of vulnerable dependencies and guide teams on secure OSS usage
• Contribute to OSS security governance policies and exception handling

Secure SDLC & Enablement

• Embed security checks into CI/CD pipelines (SAST DAST SCA IaC container scans)
• Provide actionable remediation guidance to developers
• Create security documentation standards and secure coding guidelines
• Deliver security awareness sessions and hands-on enablement for engineering teams

Collaboration & Reporting

• Partner with AppSec peers PSIRT Cloud Security and Engineering stakeholders
• Track findings risk acceptance and remediation progress
• Contribute to metrics and reporting for application security posture

Required Qualifications

• 47 years of experience in application security product security or secure software engineering
• Strong understanding of web application and API security fundamentals
• Hands-on experience with cloud-native environments (AWS Azure or GCP)
• Practical exposure to:
  • API security testing and design reviews
  • IaC tools (Terraform ARM CloudFormation etc.)
  • Containers and Kubernetes
  • Open-source dependency management
• Familiarity with OWASP Top 10 OWASP API Top 10 CWE CVSS
• Experience integrating security tools into CI/CD pipelines
• Ability to clearly communicate security risks and solutions to engineering teams

Preferred / Nice-to-Have Skills

• Experience with AppSec tooling such as SAST DAST SCA IaC scanning container security tools
• Knowledge of Zero Trust and cloud security architectures
• Experience with DevSecOps practices
• Exposure to AI/ML security including risks related to:
  • AI-enabled applications and APIs
  • Model and dependency supply chain risks
  • Prompt injection data leakage and misuse scenarios
• Relevant certifications (e.g. CSSLP GWAPT CCSP Kubernetes security certifications)
• Prior experience working with globally distributed engineering teams

Behavioral & Leadership Expectations

• Demonstrates independent execution within defined security domains
• Proactively identifies security gaps and drives improvements
• Strong collaboration and influencing skills without direct authority
• Balances security risk with business and engineering priorities
• Shows ownership accountability and a continuous learning mindset

What Success Looks Like in This Role

• Improved security posture of APIs cloud infrastructure containers and OSS usage
• Faster and more effective vulnerability remediation by engineering teams
• Security embedded early and consistently across the SDLC
• Clear scalable security standards adopted across product teams

Additional Information

Time Type:

Employee Type:

Travel:

Relocation Eligible:

Applied Materials is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race color national origin citizenship ancestry religion creed sex sexual orientation gender identity age disability veteran or military status or any other basis prohibited by law.