Software Engineer, Security
Software Engineer, Security at JumpCloud
Louisville, CO and Denver, CO
Overview:
Are you looking to shape a company’s security future?
Some projects you would be contributing to at JumpCloud
- Create an automated security testing suite - You'd draw up initial threat models, figure out tools to test the threats, and write security test cases using gauntlt to verify them.
- Expand the security component of System Insights, our internal API (https://jumpcloud.com/product/system-insights/). System Insights uses osquery behind the scenes, so it has a world of security possibilities. You might even have a chance to contribute back upstream to the actual osquery code.
- We are likely to be presenting at DEFCON 28 in AppSec Village. You'll work together with the team to create content and present at DEFCON.
- We are working on a Capture The Flag challenge (to be published internally and externally) - you’d be creating/breaking CTF challenges.
What you’ll be doing...
- Ensure our applications are aligned with security requirements and designs
- Proactively work with and support the Engineering and Product Teams to help them understand security requirements and best practices
- Ensure the Security Development Lifecycle parallels the Software Development Lifecycle
- Assist and train Engineering in secure coding as they develop or modify their application code
- Enhance our current automated CI/CD pipeline testing
- Conduct application risk assessments and audits using tools, technologies and methods
- Perform application vulnerability testing for weaknesses and recommend corrections or remediate them
- Administer security tools such as baseline and attack surface analyzers, health checks, etc.
- Run internal red team exercises with other team members
We’re looking for…
- Bachelor's Degree in Computer Science or Cryptography
- 5+ years of professional experience in an application security engineering role
- Production facing web application development experience, ideally in Go and / or Node
- Solid understanding of software design principles and secure web application design
- Comprehensive understanding of secure coding practices and knowledge of the OWASP Top 10 (such as SQL Injection and Cross-Site Scripting) in the context of web application development, with experience training in these
- Understanding of web application security, threat modeling, application identity management and cryptography
- Experience using SAST, DAST and penetration testing tools
- Knowledge of database security is a plus
- Experience using AWS and its associated cloud-based tools is important
- Desire to advance and push the boundaries of application security
- CSSLP, CISSP, OSCP, CEH, or other industry InfoSec certification(s) a plus
- Knowledge of security frameworks and best practices is a plus (ISO 27001, SOC 2, NIST, HIPAA, etc.)