Sr. Staff Software Engineer (Application Security) (Remote - US)

Be part of a team that values safety, inclusion, and excellence

We are one of the largest U.S. railroads transporting the nation’s freight across 28 western states and 3 Canadian provinces. As a member of our team, you will play a role in supporting the movement of essential products and materials that help feed, clothe, supply, and power communities throughout America and the world.  

We are committed to a culture where all employees are included, belong, and have equal opportunity to achieve their full potential. Come make a difference with us!

Learn more about BNSF and our Benefits

Job Location: REMOTE
Other Potential Locations: Remote US 
Anticipated Start Date: 06/16/2025
Number of Positions: 1 
Salary Range: $243,750 - $406,250

The US base salary range for this full-time position is $243,750 - $406,250 plus bonus eligibility and other elements of our total rewards package.  The range represents the amount bnsf | tech reasonably expects to pay for the position based on the level, scope, and responsibilities of the role.  Individual compensation and level of position offered is determined by the hiring location and additional factors including but not limited to job-related skills, experience, and relevant education or training. In addition to base pay, BNSF offers a comprehensive benefits package.

Apply early as this job may be removed or filled prior to the closing date, which is approximately seven (7) days after the posting date.

We are committed to a culture where all employees are included, belong, and have equal opportunity to achieve their full potential. Come make a difference with us! 

The bnsf | tech department drives innovation and efficiency by developing and maintaining advanced technological solutions across the network. This team ensures a robust IT infrastructure, supports critical applications, and enhances cybersecurity measures. Their expertise is essential in optimizing operations and enabling BNSF to deliver reliable, cutting-edge transportation services. 

This is a full-time position. Our leaders also foster a culture where work life balance, which requires flexibility for when life happens, is important and respected.

We are seeking a talented and driven Application Security Engineer to join our growing security team. This role will focus on securing our web, mobile, and cloud applications through threat modeling, code reviews, penetration testing, and working closely with developers to integrate secure coding practices.

As an Sr Staff Application Security Engineer, you will

• Lead the design, implementation and maintenance of application security tools and systems to ensure secure and efficient functionality
• Conduct security assessments of applications and identify vulnerabilities
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC)
• Perform static and dynamic code analysis
• Develop and maintain automated security testing tools and scripts
• Participate in threat modeling and architecture reviews
• Track and manage remediation of security issues
• Stay current with the latest security threats, trends, and technologies
• Stay up to date with emerging technologies and industry trends and apply them to operations and activities.
• Provide technical leadership and mentorship to junior engineers.
• Ensure compliance with regulatory requirements and industry standards.

Basic Qualifications

• I am CURRENTLY authorized to work in the US
• Bachelor’s degree in Computer Science, Engineering, Cybersecurity or equivalent education or work experience.  
• At least 10+ years of experience in application development or application security, with demonstrated success delivering enterprise-scale solutions. 
• Strong knowledge of common application vulnerabilities (OWASP Top 10, CWE)
• Proficiency in one or more programming languages (e.g., Java, Python, JavaScript, Go)
• Experience with security tools (e.g., SAST, DAST, IAST, SCA, Burp Suite)
• Strong communication skills and the ability to work cross-functionally

• Fluency in more than one technology stack and expertise in several of the following: C, C++, Java, J2EE, JSP, Servlet, EJB, Application (Client/Server), RMI, WAS, Web Services, WS-Security, HTML, XML, XSLT, SOAP, MQ Series, LDAP / Active Directory.  
• Experience with continuous delivery and infrastructure as code.
• Strong problem-solving ability.
• Experience working in DevSecOps environment, automation first mindset, ability to leverage coding/scripting skills and working experience with APIs.
• Understanding of secure software development lifecycle (SSDLC).

Preferred Qualifications

• If offered a position by BNSF, I will NOT IN THE FUTURE require BNSF’s assistance (whether monetary, through sponsorship, through preparation of a training plan, or otherwise) to obtain employment-based nonimmigrant status, such as H-1B or TN, or other authorization to work at BNSF, such as through STEM OPT.
• Knowledge in the following areas:
  • Mutual TLS (mTLS) Auth for Service -Service
  • OpenID Connect Authorization Code and Client Credential Flows
  • Experience with DB2, SQL Server, Oracle, or another enterprise-class RDBMS
  • Operating Systems like Windows, MacOS, iOS, AIX, and Linux.
  • Java Application Interface Development and Object Models
  • iOS native mobile and wrapped responsive applications
  • Enterprise Service Bus (ESB) technologies / JMS Advanced systems design
• Security certifications (e.g., OSCP, CISSP, CSSLP, GWAPT)
• Knowledge of container and Kubernetes security
• Familiarity with cloud security (AWS, Azure, or GCP) is a plus

At BNSF, you will have access to a comprehensive and competitive benefits package including:

• An industry-leading 401(k) and renowned Railroad Retirement program.
• A range of robust health care options for you and your dependents (including domestic partners), including medical, dental, vision, telemedicine, mental health, cancer support, and high-quality care network options.
• Health care spending accounts (HSA) with employer contributions, as well as life and disability insurance, provided at no cost.
• Family benefits including parental, pediatric and family building support, adoption and surrogacy reimbursement, and dependent care spending account (with employer match).
• Access to discounts on travel, gym memberships, counseling services and wellness support.
• Annual bonus (Incentive Compensation Program)
• Generous leave / time off policies.
• For more information, visit Benefits.

Please be aware of potential fraud that can occur when searching for new career opportunities.  Please review our FAQ for more information and awareness.

All positions require pre-employment background verification, medical review and pre-employment drug screen. You can find more information by reviewing the Hiring Process.  Federal authority requires BNSF employees, whose work requires unescorted access to secure areas of port facilities, to obtain a TWIC.  More information is available at https://www.tsa.gov/for-industry/twic

BNSF Railway is an Equal Opportunity Employer, all qualified applicants receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

SF: MO | [[mfield5]] | bnsf tech | REMOTE, US | 00000