Senior Software Security Engineer
Do you enjoy leading a great team that is solving challenging problems using the latest technologies? Even better knowing that your work is highly visible and mission critical for thousands of organizations around the globe?
JumpCloud (www.jumpcloud.com) is focused on delivering cloud-based directory services via a SaaS model and as a result we are solving some very difficult problems around identity, authentication, security, and cloud-based architecture cloud scaling.
We are searching for the best in the business when it comes to helping to design and build the next generation of server management and directory software. This disruptive new technology called Directory-as-a-Service® is reinventing a two decade old monopoly, giving organizations freedom of choice with their IT solutions.
What you’ll be doing: We’re looking for a passionate senior security engineer to be the next member of our security team. We work as consultants across the organization to identify risk and impact to the company, and communicate that impact to teams and management. We strive to advocate and teach security and security best practices to engineers every day. We consult, develop tooling and train engineers throughout the SDLC to ensure security is consistently prioritized. Our team is a blend of dedicated security engineers and security-focused software engineers helping ensure JumpCloud develops highly secure software on highly secure public cloud infrastructure.
- Lead a small team of security engineers to manage daily activities and execute long term security objectives
- Serve as a technical lead for our cloud-based infrastructure, network and application security
- Responsible for security throughout the software and infrastructure development lifecycles
- Promote reviewing code to enforce security, which includes reviewing pull requests and providing guidance to engineering teams and peers
- Constantly re-evaluate threat models for our application and infrastructure as we rapidly scale our offering, identifying security issues and prioritize fixes with key stakeholders
- Manage our PKI to ensure an effective security environment
- Participate in building scalable detection systems and security focused telemetry tools
- Become a go-to resource for our sales and support teams
- Work directly with engineering teams to establish and enforce security best practices, protection objectives, process improvements and effective security controls for new and existing products
- Help to conform to various security related standards, SOC2, ISO27001, PCI, etc. and assist with third-party security assessments.
- Participate in enhancing a security strategy focusing in particular on cloud-based infrastructure, networks and applications.
We’re looking for…
Both cloud-based application security expertise and development experience with in-depth knowledge of application security to identify potential risks in code or in deployed applications. With experience in threat modeling you’ll provide security guidance to development teams. You recognize the importance of building security solutions that scale and adapt to changing business requirements. Ideally you enjoy advocating for security awareness by writing papers, giving talks, or hosting educational sessions for developers.
- 5+ years of operational experience as a Security Engineer for a public cloud SaaS application
- Experience with microservice architectures or large distributed systems as well as the platforms used to provide security services in SaaS environments for configuration management, authentication, automation and validation
- Proven experience building security into a SaaS CI/CD pipeline
- Posses the inter-personal skills to be a trusted technical lead and ambassador for security
- Strong understanding of the theory and practice of good SaaS application security, from cryptography to common sense daily behaviour
- Software development experience with two or more languages: Java, Python, JavaScript/Node, C/C++, Go, or Ruby
- Experience communicating security concerns and issues to non-technical audiences
- Adept at providing practical solutions that enable product teams to meet business goals while controlling security risk
- Proven ability to work effectively with both Infrastructure development and application development teams
- Familiarity with current network security and OS security tools and how to apply them in addition to source code level scanning tools.
- Knowledge of cloud networking architecture, cloud operations (AWS a plus), security, automation and orchestration
- Bachelor's degree in Computer Science or equivalent discipline
Where you’ll be working: Our corporate headquarters in downtown Boulder, right next to the Boulder Theater (where you can hear great bands warming up next door).
Why JumpCloud? JumpCloud is in the process of disrupting and modernizing a multi-billion dollar industry owned by the legacy IT world vendors. You’ll have a voice in the organization, with a seasoned executive team, a supportive board and a proven market that our customers are excited about.
This is a great place to share and grow your expertise! You’ll work with passionate developers and product folks to continue to build a worldwide customer base. We’re out of the box thinkers, so your unique approaches to building a high performance product will be valued!
Please submit your résumé along with a brief explanation about yourself and why you would be a good fit for JumpCloud.