What you’ll do…
- Perform security activities, including security design reviews, threat modeling, code auditing, and security assessments on internally & externally developed software.
- Support product security issue triage, help lead 3rd-party security assessments, provide ad-hoc technical security expertise to product, sales, & engineering teammates.
- Build and maintain application security development policies, procedures & standards.
Skills you have…
- You have the ability to quickly learn new things and take on new challenges. You’re flexible and a creative problem solver.
- You’re comfortable manually auditing code for vulnerabilities, using static & dynamic code analysis tools, building custom security tools, and bootstrapping test environments.
- You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security.
3 Reasons why you should apply…
- You’re excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
- You love to communicate in a friendly, encouraging manner with software engineers, helping to not only identify security issues, but also mentor and advocate on solutions.
- You’re passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many partners.
This job may not be for you if….
- You only find excitement in breaking software. This role requires a broad participation in realizing a best-in-class application security program that demonstrates many talents at once.
- Getting work done quickly is more important than how you present that work. We pride ourselves in detail-oriented, well-written communications -- whether on reports or email.
- You don’t enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability of work that spans across tactical & strategic goals.