Trellix
Application Security Engineer
About Trellix
Trellix is a global cybersecurity company formed in 2022 from the merger of McAfee Enterprise and FireEye. Headquartered in Plano, Texas, it specializes in advanced, GenAI-powered extended detection and response (XDR) platforms. These platforms integrate hardware, software, and services to effectively detect, investigate, respond to, and recover from complex cyber threats across hybrid, cloud, and endpoint environments. The company serves over 53,000 business and government customers worldwide, protecting millions of endpoint nodes and analyzing millions of URLs daily. Trellix offers a range of cybersecurity solutions, including its open XDR platform, threat intelligence services, endpoint and network security tools, and incident response capabilities. With a focus on proactive threat intelligence and risk management, Trellix is committed to addressing the global cybersecurity talent gap and fostering innovation through partnerships and corporate social responsibility initiatives.
Security at Trellix
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
- Trellix's AppSec philosophy is centered on a formal Secure Development Lifecycle (SDL), described as a 'collection of practices focused on security aspects of software development.' The team adopts a 'risk-based approach' through its Information Security Management System (ISMS).
- Culturally, the team is described as 'collaborative problem-solvers' who view 'security as an enabler.' A core tenet is the 'Customer Zero' program, where Trellix uses its own security products internally to validate their effectiveness.
Security Team
- Trellix maintains a centralized, global information security program led by the Office of the Chief Information Security Officer (OCISO).
- The 'Product Security' sub-organization is specifically responsible for Vulnerability Management, PSIRT, SDL, and Security Architecture.
- Application Security Engineers are expected to 'own the vulnerability management lifecycle' and 'partner with DevOps/CloudOps to embed security into cloud-native environments.' Active job postings as of April 2026 indicate a focus on collaborative problem-solving where security is viewed as an enabler rather than a gatekeeper.
Key Initiatives
- Key initiatives include the 'Security Definition of Done (DoD),' which consolidates all security requirements for a product into a single location.
- The team actively performs Threat Modeling (SDL.T3), Penetration Testing (SDL.T14), and maintains a 'Bug Report' initiative through the Vulnerability Research team.
- Operational workflows involve driving the 'full vulnerability process from discovery and risk prioritization to coordinating remediation.' The Red Team conducts ethical hacking to strengthen defenses, and the company regularly publishes vulnerability disclosures and research ahead of the market.