Senior Security Engineer - Application Security

Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy.

About the role:

We’re looking for a Senior Security Engineer with deep expertise in application security to contribute to efforts across Samsara’s product and corporate environments. You will be responsible for the execution of a number of company-wide initiatives, including topics related to secure software development, vulnerability management, secure code analysis, threat modeling, and bug bounty operations. As a senior contributor, you will partner with engineering and product teams to identify and mitigate security risks early in the development lifecycle and drive secure-by-default practices across our tech stack.

This is a highly visible role that will require a mix of hands-on technical expertise and strategic influence. You’ll help shape the future of application security at Samsara, acting as a subject matter expert in Python and Go security, and running detailed threat modeling sessions for both production systems and internal tooling.

At Samsara, we value working backwards from outcomes. Your ability to define success, influence across domains, and deliver practical solutions that scale with the business is pivotal.

You should apply if:

• You want to impact the industries that run our world: Your efforts will result in real-world impact—helping to keep the lights on, get food into grocery stores, reduce emissions, and most importantly, ensure workers return home safely.
• You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. We set up our employees for success and have built a culture that encourages rapid career development, and countless opportunities to experiment and master your craft in a hyper-growth environment.
• You’re energized by our opportunity: The vision we have to digitize large sectors of the global economy requires your full focus and best efforts to bring forth creative, ambitious ideas for our customers.
• You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by a high-caliber team that will encourage you to do your best.

In this role, you will:

• Participate in expanding Samsara’s enterprise-wide application security strategy, covering both product and internal systems.
• Collaborate on the design and implementation of scalable security controls including static code analysis (SAST), software composition analysis (SCA), and secret scanning pipelines.
• Perform in-depth threat models of critical systems and features, working with engineering and infrastructure teams to mitigate identified risks.
• Act as a subject matter expert in Python and Go security practices—reviewing code, building secure patterns, and educating engineers across the business.
• Partner with developers to remediate high-impact vulnerabilities and build preventative controls that reduce recurring risk.
• Participate in our responsible disclosure and bug bounty program.
• Influence the design and implementation of secure CI/CD practices, including shift-left testing, developer feedback loops, and supply chain integrity.
• Contribute to the Security Engineering team’s technical strategy, roadmap planning, and engineering culture.
• Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices.

Minimum Requirements:

• 4–6+ years of experience in application security, product security, or a related security engineering field.
• Strong experience in at least one programming language, including deep familiarity with Python or Go security best practices.
• Demonstrated ability to perform and lead threat modeling exercises and translate risks into actionable recommendations.
• Experience with SAST/SCA tools such as Semgrep, CodeQL, or Snyk, and integrating them into developer workflows.
• Hands-on knowledge of vulnerability management tools and workflows, including triage, remediation, and reporting practices.
• Familiarity with modern CI/CD practices and experience embedding security testing into development pipelines.
• Strong collaboration and communication skills with experience partnering across teams and disciplines.
• Working knowledge of cloud environments (especially AWS) and infrastructure-as-code practices (Terraform preferred).

An ideal candidate also has:

• Experience managing application security within a regulated or compliance-heavy environment (e.g., FedRAMP, SOC 2).
• Familiarity with Tines, AWS Lambda, or similar automation tools for orchestrating security workflows.
• Contributions to open source security tooling or thought leadership in the AppSec community.
• Experience defining internal security standards or secure coding guidelines at scale.