Staff Application Security Engineer

We are a leading global asset management firm with over 3,000 employees across 20 offices in 15 countries; we help millions of investors around the world pursue their financial goals.

We hire critical thinkers. People who thrive in a collaborative culture like ours where we solve real problems while building the future of finance.

You

• Are excited to be part of a vibrant engineering community that values diversity, hard work, and continuous learning.
• Love solving complex real-world business problems.
• Recognize that cross-functional collaboration is a core component of success for the team.
• Believe there are multiple ways to solve most technical problems and are willing to debate the trade-offs.
• Have become a stronger engineer by making mistakes and learning from them.
• Are a doer, someone who wants to grow their career and gain experience across technologies and business functions.
  
  

We

• Continuously invest in a high-performance and inclusive culture, in which a diversity of backgrounds, experiences and viewpoints are celebrated and valued.
• Encourage career mobility, so you can benefit from learning different functions and technologies, and we gain the benefits of your experience across teams.
• Run technology pro bono programs that help the non-profit community and give our engineering community opportunities to volunteer and participate.
• Offer education reimbursements and ongoing training in technology, communication, and diversity & inclusion.
• Embrace knowledge sharing through lunch-and-learns, demos, and technical forums.
• Consider our people to be our greatest assetwe will help you learn what PIMCO Technology has to offer so you can participate in activities that benefit your career while delivering impactful technology solutions.
  
  

We are looking for a Staff Application Security Engineer who will shape the future of secure software development at PIMCO. This is a strategic, high-impact role focused on making application security practical, developer-friendly, and deeply integrated into our engineering culture.

You will lead efforts to identify, prioritize, and remediate vulnerabilities in applications (infrastructure is out of scope), while enabling developers through clear guidance, Tech Talks, Wikis, and code examples. Your work will influence how security is understood and applied across the organization, ensuring that security becomes an enablernot a blockerfor innovation.

If you thrive on technical depth, strategic vision, and collaboration, and want to leave a lasting impact on how an entire organization builds secure software, this is your opportunity.

What Youll Do

• Strategic Leadership (30%)Define risk-based priorities and drive remediation strategies that align with business goals.Influence leadership and engineering teams to adopt secure-by-design principles.
• Technical Execution (30%)Analyze vulnerabilities in application code and architecture, focusing on real-world impact.Use vulnerability management tool to track, prioritize, and close gaps efficiently.Embed security into Applications and CI/CD pipelines, ensuring automation and scalability.
• Developer Enablement & Education (20%)Transform complex security issues into developer-friendly solutions.Lead Tech Talks, publish Wikis, and share code examples to make security practical.Act as a trusted advisor for engineering teams on secure coding practices.
• Cross-Functional Collaboration (10%)Partner with product, cloud, and architecture teams to integrate security early in design.Build strong relationships to drive cultural change toward security-first thinking.
• Executive Communication & Reporting (10%)Deliver clear, concise updates on risk posture and program progress to senior leadership.Provide metrics and insights that influence strategic decisions.
  
  

What Were Looking For

• Bachelors degree in Computer Science, Cybersecurity, Information Technology, or equivalent experience.
• 7 years of overall experience in Software Engineering or Application Security
• 3 years in secure software development practices and tools.
• Deep understanding of:Application Security: SCA, Secrets Scanning, SAST, DAST.Cloud Security: AWS, Azure, containers, Kubernetes.
• Strong software engineering background (hands-on coding experience preferred).
• Experience building relationships with software engineering teams, including managing mature product security programs.
• Strategic Vision & Execution Ability to define and communicate a clear vision for security and resilience aligned with enterprise goals.
• Influence & Collaboration Proven experience building partnerships across teams to drive secure-by-design culture.
• Risk-Based Decision Making Ability to balance business priorities, technical constraints, and risk exposure.
• Executive Communication Skilled at translating complex technical concepts for non-technical stakeholders.
• Experience with ArmorCode or similar vulnerability management tools.
  
  

PIMCO follows a total compensation approach when rewarding employees which includes a base salary and a discretionary bonus. Base salary is the fixed component of compensation that is determined by core job responsibilities, relevant experience, internal level, and market factors. The discretionary bonus is used to award performance and therefore is determined by company, business, team, and individual performance.

Salary Range: $ 175,000.00 - $ 240,000.00