Senior Security Engineer - Product Security
All roles at JumpCloud are Remote unless otherwise specified in the Job Description.
About JumpCloud
JumpCloud’s mission is to Make Work Happen®, providing simple, secure access to corporate technology resources from any device, or any location. The JumpCloud Directory Platform gives IT, security operations, and DevOps a single, cloud-based solution to control and manage employee identities, their devices, and apply conditional access controls based on Zero Trust principals. Since launching in 2012, our global user base has grown to more than 150,000 organizations, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight and Peloton. JumpCloud has raised over $400M from world-class investors including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike. Our teams are growing fast, too, and we're looking for talent across engineering, sales, customer success, marketing, product management, and more. Join our team of dedicated, passionate, and creative people who are eager to change the IT industry forever.
About the Role:
JumpCloud is looking for a Senior Security Engineer - Product Security to enhance the security posture of our software through domain expertise and hands-on collaboration with product and engineering teams.
You will be someone JumpCloudians across the company depend on and trust to help them build secure and reliable systems. You will be designing and developing innovative security solutions for ensuring our developers build secure products.
You’ll set the vision and strategy for how we securely author and maintain our software. You will be pivotal in driving secure coding and SDLC efforts, code reviews, architecture and design reviews, and threat modeling.
You will be expected to partner closely with product and engineering teams to drive vulnerability remediation, help make design decisions, and consult on new functionality.
You'll be playing a key role in keeping JumpCloud secure and compliant – bringing security to our company's forefront.
Most importantly, you will become a critical member of the team responsible for ensuring the integrity of JumpCloud’s products and keeping JumpCloud’s users safe.
Responsibilities and Duties:
- Perform security reviews and produce threat models for products and new features
- Define and evangelize secure coding practices
- Build security into our SDLC and integrate into our delivery pipelines
- Qualify findings from penetration tests, responsible disclosure programs, static analysis, and other discovery methods
- Present findings and explain the impact and recommended solutions to any level of leadership and other engineers
- Work with software engineers to analyze security vulnerabilities and follow through with issues until resolution
- Build automation and tools to improve security aspects of code quality, SAST, DAST, and QA testing processes
- Prototype and evangelize hardened frameworks or libraries to ensure the right way is the easy way
Qualifications and Skills:
- Substantial knowledge of common web application attacks and defense strategies (e.g., the OWASP Top 10, critical controls, and CWE Top 25). Proficient in detection, exploitation, and prevention of security vulnerabilities.
- Experience in application-level vulnerability testing
- Practical experience with multiple programming languages (e.g., Python, Ruby, Java, JavaScript, Golang)
- In-depth technical knowledge and professional experience with software development, service identity and authentication methodologies, and applied cryptography
- Familiarity with containerization and protecting cloud-native architectures
- Minimum of 5 years of experience with any combination of the following: penetration testing, threat modeling, secure software development, application security, product security
- Understand the people aspects of security and enjoy collaborating with others to build secure things
In accordance with the Colorado Equal Pay for Equal Work Act, the approximate annual compensation range for this role, depending on individual candidate level and experience, is $140,000 to $175,000, including base salary and any related bonuses or commissions. JumpCloud provides a comprehensive benefits package, with several medical plans to choose from including a high deductible HSA plan with employer contribution, two dental plans, vision insurance, flexible spending account (FSA), employee assistance program (EAP), short- and long-term disability, life insurance and a 401k savings plan with match. We have an unlimited vacation policy.
#LI-JW1
Where you’ll be working/Location:
JumpCloud is committed to being Remote First, meaning that are you able to work remotely within the country noted in the Job Description.
For US Roles: All roles posted in United States locations do require that you be located within one of the 50 U.S. States. Our Headquarters is in the Denver/Boulder, CO area but as a remote company, you are able to work remotely anywhere in the U.S. If you would like to spend time in the office in Denver/Boulder area, you are welcome do that as well.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloud's three core values is to “Build Connections.” To us that means creating " human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed." - Rajat Bhargava, CEO
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
#LI-Remote