Application Security Engineer

San Francisco, CA
R&D – Engineering
PlanGrid is used on thousands of construction projects (including hospitals, government buildings, universities, utility plants, etc.), and we must do everything in our power to keep our 40M+ blueprints secure for our customers. As an Application Security Engineer, you will be responsible for securing our web and mobile applications. You will work with development teams to design and build secure solutions, get involved in all stages of software development, and generally solve security challenges. The Application Security Engineer will lead application security reviews of all projects while setting standards and defining best practices for the R&D organization.


    • Perform application security design reviews against new products and services
    • Track and prioritize all security issues
    • Build internal security tools that help fix security problems at scale
    • Play a lead role in developing and designing application-level security controls and standards for our SaaS rollouts
    • Perform code review and drive remediation of discovered issues
    • Enable automated security testing at scale to measure vulnerability, and report on risk across all the web and mobile platforms
    • Lead and manage our bug bounty program
    • Build the security development training program to train developers on secure coding practices

Required Skills:

    • Experience or working knowledge of modern development, test, and deployment models
    • Demonstrated expertise in application security domain
    • Understanding of application security in context of SDLC and CI-CD
    • Working knowledge on exploiting and fixing  application vulnerabilities
    • Proficient in one or more programming languages such as React, Python, Ruby, etc
    • Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences


    • Minimum Requirements: Bachelor’s or Master's degree with 4 years of experience securing complex production environments.
    • Strong knowledge of web protocols
    • Knowledge of various security tools and architecture
    • Knack for finding flaws in software and ability to efficiently communicate how to fix them
    • Strong communicator who is accustomed to working closely with a product team
    • Ability to think about problems from an out-of-the box perspective; doesn’t always default to industry norms
    • Ability to think like an attacker and use that context to develop threat models

PlanGrid is the leader in construction productivity software. Used on more than 1 million projects around the world, PlanGrid's value extends over numerous phases of construction, building a massive and accurate history of every jobsite through everyday use that creates a data-rich record set at turnover that is essential to long-term operations. 

PlanGrid is the first construction productivity software that allows contractors and owners in commercial, heavy civil, and other industries to collaborate easily from their mobile devices and desktop. PlanGrid is used in more than 79 countries by thousands of customers including DPR, Granite, NVIDIA, Target Corporation, and Tutor Perini. PlanGrid was a member of  Y Combinator’s 2012 Winter Class, and has secured over $69 million in funding from Sequoia, Tenaya Capital Founders Fund, GV, 500 Startups, Box, Northgate,  and Spectrum 28.  

For more information, please visit:

PlanGrid is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, or genetic information

As part of GDPR compliance procedures, we have posted our Recruiting Privacy Notice on our website. Please also note that the advertised position is an opportunity with Autodesk, Inc. (, as Autodesk recently acquired PlanGrid. Processing of your personal information as part of the job application process, and as part of Autodesk employment should a candidate be hired, will be handled by Autodesk pursuant to Autodesk’s Candidate Privacy Statement, available at: