AppSec Jobs

SAS

Application Security Engineer

Cary, NC

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About SAS

SAS Institute Inc., commonly known as SAS, is a leading American developer of analytics and artificial intelligence software, based in Cary, North Carolina. Founded in 1976, SAS is one of the largest independent software vendors worldwide, employing around 5,200 people at its headquarters and an additional 8,500 across various global locations. The company is privately held, with co-founders James Goodnight and John Sall owning the majority of the business. Its main product, the SAS software suite, is widely used by Fortune 500 companies for data access, management, analysis, and reporting. Key components include Base SAS and over 200 specialized modules that enhance its capabilities. The software supports various applications, such as fraud detection in finance, retail pricing optimization, and clinical trial evaluations. SAS emphasizes a subscription-based sales model, providing ongoing support and updates to ensure customers benefit from continuous improvements in their analytics solutions.

Industry

information technology & services

Employees

19,000

3154 engineers

Revenue

$3.2B

Security at SAS

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • SAS's AppSec mission is to engineer software to protect data and business.
  • Their approach involves real-time application security coaching within development environments.
  • Their product security policy reflects industry best practices and standards, with a goal to continuously refine and automate the monitoring process.

Security Team

SAS has a centralized team of dedicated product security specialists and a network of product security champions representing product teams. Key public-facing leaders and team size estimates are not publicly available. As of, there was 1 active AppSec job posting for a Sr Application Security Architect within the Product Security Organization (PSO). Common skill/tool patterns mentioned include SAST tools like Snyk, Black Duck, Sonar, and DAST/IAST tools such as ZAP, BurpSuite, Kali, Nessus.

Key Initiatives

SAS has a Security Champions Program, evidenced by a network of product security champions representing product teams. Their 'Shift Left' practices include interim checks with peer code reviews and automated scans for SCA and SAST on code push; security assessment and hardening are shifted left to development teams wherever possible. In the vulnerability management process, the Product Security Incident Response Team (PSIRT) investigates post-release security vulnerabilities, automation creates audit records and security issue tickets, and remediation follows the SAS Product Security Policy. Secure SDLC artifacts include project-level security reviews each release cycle, which provide objective evidence of conformance. Recent initiatives within the last 6 months are not publicly available.
