Senior Product Security Engineer | Application Security
To see similar active jobs please follow this link: Remote Development jobs
Position Summary
Do you enjoy the challenge of securing complex systems? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Senior Product Security Engineer, experienced with modern software development practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk and enable organizational success.
We're looking for candidates with a mix of software development and application security experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.
You must have experience with securing web applications, APIs and software systems, working with public cloud infrastructure, and be familiar with container technologies.
Key Responsibilities
Define standards for secure development and configuration of application and infrastructure components; and coordinate with other teams to ensure compliance with those standards
Perform threat modeling, security design reviews, code reviews, and security consultations with software and systems engineers
Implement, manage and improve vulnerability scanning tools (including SAST, DAST, SCA, and application fuzzing), configuration auditing and other security assessment tools
Build and improve vulnerability management processes and tooling to support system owners to successfully
Conduct manual pen testing of new features + existing systems; lead red team exercises
Coordinate third party pentesting and bug bounty programs
Triage vulnerability findings, evaluate risk, recommend effective remediation actions
Develop and deliver training on secure development standards and process
Contribute to disaster recovery and contingency planning
Perform and/or lead security incident response activities
Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
Support security compliance & certifications programs (e.g., FedRAMP, NIST SP800-53, NIST CSF, SOC 2, ISO, FIPS 140-2, etc.) by becoming familiar with control requirements, owning/operating specific controls, and helping other teams meet requirements
Other duties as assigned
Required Qualifications
Bachelor’s degree or equivalent experience in computer science, engineering, or information technology
8+ years of experience in security engineering, application security and software development
Experience securing cloud-based web applications, APIs, data; performing security design reviews, code reviews and threat modeling exercises
Knowledge of software security vulnerabilities and best practices for Golang, Typescript, Javascript, Python, C/C++, React
Solid knowledge of Git
Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)
Experience with AWS cloud platform
Must be a U.S. citizen
Preferred Qualifications
Obtained applicable certifications for software security, web application penetration testing or equivalent
Experience securing a cloud service (i.e., software as a service (SaaS)) offerings and shippable software products
Experience with meeting FedRAMP, NIST SP 800-53 and similar compliance requirements
Experience with Google Cloud Platform (GCP) and Azure
Experience deploying and maintaining systems using modern Orchestration and Infrastructure-as-Code technologies
The base salary for this position rages from 136,600 - 180,000 plus bonus + benefits
Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each.
About the job
Senior Product Security Engineer | Application Security
To see similar active jobs please follow this link: Remote Development jobs
Position Summary
Do you enjoy the challenge of securing complex systems? Want to be a part of a collaborative team that builds solutions that protect some of the biggest networks in the world? ExtraHop is seeking a Senior Product Security Engineer, experienced with modern software development practices to build and operate product security program capabilities, tools, and processes that allow us to keep pace with a rapidly changing security landscape, reduce security risk and enable organizational success.
We're looking for candidates with a mix of software development and application security experience, who enjoy working in a collaborative environment and taking direct action to identify, remediate and prevent vulnerabilities and security issues.
You must have experience with securing web applications, APIs and software systems, working with public cloud infrastructure, and be familiar with container technologies.
Key Responsibilities
Define standards for secure development and configuration of application and infrastructure components; and coordinate with other teams to ensure compliance with those standards
Perform threat modeling, security design reviews, code reviews, and security consultations with software and systems engineers
Implement, manage and improve vulnerability scanning tools (including SAST, DAST, SCA, and application fuzzing), configuration auditing and other security assessment tools
Build and improve vulnerability management processes and tooling to support system owners to successfully
Conduct manual pen testing of new features + existing systems; lead red team exercises
Coordinate third party pentesting and bug bounty programs
Triage vulnerability findings, evaluate risk, recommend effective remediation actions
Develop and deliver training on secure development standards and process
Contribute to disaster recovery and contingency planning
Perform and/or lead security incident response activities
Participate in an on-call rotation with occasional after-hours paging to review carefully prioritized security detections
Support security compliance & certifications programs (e.g., FedRAMP, NIST SP800-53, NIST CSF, SOC 2, ISO, FIPS 140-2, etc.) by becoming familiar with control requirements, owning/operating specific controls, and helping other teams meet requirements
Other duties as assigned
Required Qualifications
Bachelor’s degree or equivalent experience in computer science, engineering, or information technology
8+ years of experience in security engineering, application security and software development
Experience securing cloud-based web applications, APIs, data; performing security design reviews, code reviews and threat modeling exercises
Knowledge of software security vulnerabilities and best practices for Golang, Typescript, Javascript, Python, C/C++, React
Solid knowledge of Git
Experience working with container-based environments (Kubernetes, Docker, LXC, etc.)
Experience with AWS cloud platform
Must be a U.S. citizen
Preferred Qualifications
Obtained applicable certifications for software security, web application penetration testing or equivalent
Experience securing a cloud service (i.e., software as a service (SaaS)) offerings and shippable software products
Experience with meeting FedRAMP, NIST SP 800-53 and similar compliance requirements
Experience with Google Cloud Platform (GCP) and Azure
Experience deploying and maintaining systems using modern Orchestration and Infrastructure-as-Code technologies
The base salary for this position rages from 136,600 - 180,000 plus bonus + benefits
Note: employees, including fully remote staff, are expected to attend two in-person events every year. These events are typically held in our offices in downtown Seattle and run 4-5 days each.