Used Tools & Technologies
Machine LearningRequired Skills & Competences
Tag name is followed by "@" symbol and proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
Software Development @ 7
Java @ 4
CI/CD @ 6
Scoping @ 4
Communication @ 4
Git @ 6
JWT @ 4
OAuth @ 4
OWASP @ 4
.NET @ 4
AI @ 4
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — you are an expert, you can teach others, you know all the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Details
At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow.
SentinelOne is at the intersection of AI and security, pioneering an AI-native platform that unifies protection across endpoint, cloud, identity, data, and AI systems. Our teams are builders, problem-solvers, and innovators committed to shaping the future of security.
Role overview
As a Sr. Staff Back-End AppSec Lead, you will act as a trusted advisor to customers by reviewing and validating AI-generated findings on Java and .NET back-end systems during high-stakes security engagements. You will work directly with SentinelOne’s agentic code scanning pipeline to analyze vulnerabilities, apply expert human judgment, and communicate actionable results to both technical teams and executive stakeholders. You will help build and scale the Wayfinder Frontier AI Services practice by refining methodologies, improving AI-assisted exposure management workflows, and collaborating with offensive and defensive security experts.
Responsibilities
- Lead Wayfinder Frontier AI Services customer engagements end-to-end: scope work, deliver technical findings, and present results to executive and technical stakeholders.
- Review and triage findings from the agentic code scanning pipeline against customer Java and .NET codebases; validate true positives, eliminate noise, and ensure findings delivered to customers are actionable.
- Conduct deep code review across Java and .NET code and common frameworks.
- Present findings to stakeholders, translate technical risk into business impact, and map exposures into end-to-end exploitation chains.
- Author and maintain SAST rule packs that scale across the customer base, and partner with AI/ML engineers to improve the agentic scanning engine.
- Provide expert remediation guidance to customer development teams and validate fixes through follow-up review.
- Work closely with engineering teams to enhance the agentic code scanning pipeline and reduce false positives.
- Mentor Senior-level AppSec engineers and dev-skilled threat hunters; raise the technical bar of the practice and shape service-line methodology, engagement playbooks, and scoping templates.
Requirements
- 7+ years in application security or product security with a strong software development background.
- Proven track record translating complex findings into technical and executive-level debriefs; excellent written and verbal communication.
- Experience delivering customer-facing or consulting-style engagements end-to-end; comfortable in a distributed remote organization.
- Expert-level Java and Spring experience; experience identifying and explaining framework-level vulnerabilities.
- Expert-level .NET Framework and ASP.NET Core experience; knowledge of vulnerabilities and secure coding methodologies.
- Mastery of OWASP Top 10, CWE Top 25, and modern authentication infrastructure (SAML, OAuth, OIDC, JWT internals).
- Hands-on experience authoring custom static-analysis rules and queries for modern SAST engines; familiarity with AI-assisted code review workflows and validating findings from automated and agentic analysis pipelines.
- Strong threat modeling experience throughout the secure SDLC.
- Fluency with Git-based source control and CI/CD pipelines, including build-pipeline security controls, runner hardening, and release-gate enforcement.
- Experience with AI-accelerated development and code scanning methodologies.
Benefits
- Restricted Stock Units (RSUs)
- Employee Stock Purchase Plan (ESPP)
- Flexible time off, paid company holidays and paid sick time
- Gender-neutral parental leave and grandparent leave
- Medical, dental, and vision coverage
- 401(k) retirement plan with company match
- Life and disability insurance
- Health and dependent care FSA
- Voluntary benefits (hospital, accident, critical illness)
- Employee Assistance Program (EAP)
- ARAG pre-paid legal
- Nationwide pet insurance
- Cancer Care program
- Global business travel medical insurance
- Home office allowance and mobile phone reimbursement
- Wellness coach, wellness/gym reimbursement
- Fertility coverage, adoption & surrogacy reimbursement
Compensation & Legal
This U.S. role has a base pay range that will vary based on the location of the candidate. Base Salary Range: $184,000—$235,000 USD.
SentinelOne participates in the E-Verify Program for all U.S. based roles and is an Equal Employment Opportunity and Affirmative Action employer.