As a Principal Applications Security Engineer at our company, you will lead application security efforts across a portfolio of on-premises software and applications. Your role will involve providing expert guidance, driving secure development practices, and leading key security activities such as threat modeling and backlog management. You will work independently and collaborate with engineering teams and product stakeholders to continually strengthen the security posture of the portfolio.

**Responsibilities:**

- Provide subject-matter expertise in identifying, assessing, and resolving application security issues across the product portfolio.
- Lead threat modeling activities for new features and architectural changes to ensure risks are well understood and addressed.
- Guide development teams in adopting secure coding practices for .NET/C# and Angular applications.
- Manage and prioritize the application security backlog, independently driving risk-based remediation with product teams.
- Support and mature Security Champions by providing coaching, guidance, and security best practices.
- Operate and improve existing application security tooling within CI/CD pipelines and influence future enhancements.
- Develop security guidance and automation to shift security earlier in the development lifecycle.
- Participate in architecture and security reviews, providing constructive feedback on designs.
- Contribute to the ongoing adoption of NIST SSDF-aligned practices across the development lifecycle.

**Qualifications:**

**Qualifications / Education required:**

- Degree (or equivalent) in a Computer Science or Software Engineering discipline.

**Experience required:**

- Solid experience in an Application Security or DevSecOps role.
- Strong software engineering background, ideally including .NET and C#.
- Experience securing applications built with .NET/C# and modern front-end frameworks such as Angular.
- Strong understanding of secure software development lifecycle principles and major security frameworks (e.g., NIST, OWASP).
- Ability to identify and remediate application security vulnerabilities beyond common patterns such as the OWASP Top 10.
- Hands-on experience using common application security tooling (e.g., SAST, DAST, SCA).

**Aptitude/skills required:**

- Good written and oral communication skills.
- Ability to work autonomously, manage workload effectively, and make thoughtful recommendations with limited guidance.
- Ability to influence and collaborate with cross-functional teams at all levels of the organization.

You will be part of Waters Corporation, a global leader in life sciences and diagnostics. Waters Corporation is dedicated to accelerating the benefits of pioneering science through analytical technologies, informatics, and service. Our innovative portfolio harnesses deep scientific expertise across chemistry, physics, and biology to advance the release of effective medicines, ensure food and water safety, and improve patient outcomes worldwide.

Diversity and inclusion are fundamental to our core values at Waters Corporation. We comply with all applicable laws and are proud to be an equal opportunity workplace and an affirmative action employer. All hiring decisions are based solely on qualifications, merit, and business needs.