Principal Security Engineer at Conga
Our new company (Conga) was created on May 7, 2020 following the merger of Conga and Apttus. Combining these two powerful companies creates a leader in mission-critical business process solutions. The new Conga is poised to provide the most complete offering in the market to digitally transform the foundational elements of business - documents like quotes, contracts, and the processes that surround them - to achieve commercial excellence.
With dual headquarters in Silicon Valley and Denver, Conga offers a competitive pay package, strong employee benefits, and a culture that is centered around our core values. Conga is a place where people from all backgrounds can contribute their unique skills and ideas, make an impact on our business and our customers, and give back to our communities.
For more information on the new Conga, please visit our newsroom at:
- Bring secure development and testing experience, and determine security requirements by evaluating business strategies and requirements and by conducting system security and vulnerability analyses.
- Able to drive overall network and infrastructure security and define and maintain policies that govern how we deliver and maintain our production environments.
- Able to track and mandate processes within engineering to drive security into our SDLC including code scanning and application scanning focused on eliminating OWASP Top 10 vulnerabilities.
- Capable of talking to customers and responding to RFPs on security aspects of the system.
- Work with the security team on risk assessments and on studying the architecture and platform of business systems to preempt potential issues.
- Evaluate the efficacy of existing security controls. Recommend and implement improvements as necessary.
- Work with external network penetration testing vendors.
- Integrate automated security testing (including both static and runtime) capabilities into an evolving CI/CD program.
- Evangelize and enforce security best practices and embed security expertise within each scrum team.
- 8+ years of experience in enterprise software security.
- 3+ years of experience with the Salesforce platform, preferably overseeing architecture and security compliance.
- Development experience is a must. Experience in building controls to prevent and identify intrusion.
- Well versed in AWS, Azure and Salesforce clouds.
- Experience with the OWASP Testing Guide / Open Source Security Testing Methodology Manual.
- Experience with compliance standards such as FedRAMP, GDPR, and NIST is preferred.
- Expert with common web application security testing tools including, but not limited to, Burp, Fiddler, OWASP ZAP, and at least one commercial solution (Checkmarx, Veracode, AppScan, or similar).
- Familiarity with Secure Development Lifecycle practices and Agile development.
- Thought leadership in the security field, with demonstrable contributions to industry groups strongly desired.
Conga is proud to be an Equal Opportunity Employer and provides equal employment opportunities to all employees and applicants regardless of race, color, religion, gender, gender identity, age, national origin, disability, parental or pregnancy status, marriage and civil partnership, sexual orientation, veteran status, or any other characteristic protected by law. Reasonable accommodations will be made to meet the requirements of the Americans with Disabilities Act and will be provided as requested by candidates taking part in all aspects of the selection process. All your information will be kept confidential according to EEO guidelines.