Software for rapid military planning: make planning fast enough for today's environment

Application Security Engineer

Application EngineerApplication EngineerFull TimeRemoteTeam 1-10H1B No SponsorCompany Site LinkedIn

Location

United States

Posted

130 days ago

Salary

$170K - $210K / year

5 yrs expEnglishAnsibleAWSCyber SecurityDockerFirewallsJava ScriptKubernetesLinuxTerraform

Job Description

• Find Vulnerabilities in our Software: Bring an attacker’s mindset to review PRs, perform code audits, and utilize static analysis to identify vulnerable code patterns that can be exploited by adversaries. Use dynamic analysis, fuzzers and code reviews to find weaknesses in our codebase and work with developers to patch them. • Fix Vulnerabilities Across the Full Stack: Think like an adversary to find, fix, prevent or patch vulnerabilities from browser to kernel. Utilize vulnerability scanners to find unpatched components, and identify configuration errors that could expose our deployments to an attacker. Work with platform engineers to harden our customer environments and utilize best practices. Advise on network configuration, identity and access management and infrastructure security. • Improve the Security Posture of Infrastructure: Review identity and access management, logging, auditing, monitoring to help craft a layered defense for our corporate infrastructure and customer environments. Work with Cybersecurity analysts to help ensure compliance with corporate/Federal standards like SOC II, NIST and FedRamp Moderate/High. • Make the Team Stronger: Mentor other engineers on best security practices, share news of vulnerable libraries and compromises, engage with community on active threats and trends in exploit development, malware, etc. Work to improve processes to shift security “left” and identify vulnerabilities earlier in the design, development and deployment of our software.

Job Requirements

5+ years of experience in Application Security, Cybersecurity Engineering, Software Engineering or a related field, preferably with first-hand experience ensuring security in high-compliance environments like PCI DSS, HIPAA or NIST.
U.S. citizenship required, security clearance greatly desired.
A strong understanding of Linux, containerization and orchestration, and virtual machines
Networking fundamentals: core protocols and secure configurations.
A deep understanding of incident response processes, with experience conducting thorough root cause analyses and driving continuous improvement
Clear, concise writing; strong documentation habits and async communication.
Core skills and technologies: Javascript/Browser security, Network Security, Firewalls, Intrusion Detection, Static Analysis, Dynamic Analysis, Container Scanning, Kubernetes, Docker, Helm, Ansible, Terraform, Linux, AWS, DoD compliance, Monitoring and Observability tools.