Senior Application Security Engineer

Duo Security   •  

Ann Arbor, MI

Industry: Technology


Not Specified years

Posted 164 days ago

This job is no longer available.

What you’ll do…

  • Perform security activities, including security design reviews, threat modeling, code auditing, and security assessments on internally & externally developed software.
  • Support product security issue triage, help lead 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
  • Build and maintain application security development policies, procedures & standards.

Skills you have…

  • You have a deep understanding of many vulnerability classes impacting a variety of languages, with an expertise towards Python, Javascript, Java, C, C#, and Objective-C.
  • You have the ability to quickly learn new things and take on new challenges. You’re flexible and a creative problem solver.
  • You’re comfortable manually auditing code for vulnerabilities, using static & dynamic code analysis tools, building custom security tools, and bootstrapping test environments.
  • You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security.

3 Reasons why you should apply…

  • You’re excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
  • You love to communicate in a friendly, encouraging manner with software engineers, helping to not only identify security issues, but also mentor and advocate on solutions.
  • You’re passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many partners.

This job may not be for you if….

  • You only find excitement in breaking software. This role requires a broad participation in realizing a best-in-class application security program that demonstrates many talents at once.
  • Getting work done quickly is more important than how you present that work. We pride ourselves in detail-oriented, well-written communications -- whether on reports or email.
  • You don’t enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability of work that spans across tactical & strategic goals.