Software Engineer, Security at JumpCloud
Louisville, CO and Denver, CO and Remote
Overview:
JumpCloud is seeking a progressive, cloud-focused, and experienced engineer who is passionate about security and truly understands how to design solutions to protect both JumpCloud’s infrastructure as well as our customers. The ideal candidate will have a passion for cybersecurity, threat analysis and detection, and developing/automating creative solutions. Additionally, we are looking for someone who can provide advice and expertise to our engineering team at large in order to maintain the highest level of security in our application from top to bottom. 
In this role, you'll be on the front lines of security audits, risk analysis, and vulnerability testing in all areas of JumpCloud with the number one priority of customer protection. Additionally, you will provide our feature development and devops teams with strategies and analysis on code-level security practices. We expect you to have a mindset of being methodically paranoid and curious, and continue to hone your skills to align the security risk management with business objectives.
You'll be backed by JumpCloud's Director of Security and CTO, the company’s leadership team, and a cross-functional team of skilled engineers from a variety of perspectives, all working with a singular focus of maintaining our customer's trust. You'll be exposed to the reality of how JumpCloud functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in helping keep JumpCloud secure and compliant, bringing security compliance findings to these teams and contributing to raising the security bar across the company.

• Perform technical security assessments, code audits, and design reviews.
• Develop technical solutions to help mitigate security vulnerabilities.
• Advocate for security and secure practices throughout JumpCloud.
• Conduct research to identify new attack vectors against JumpCloud's products and services.
• Be involved in offensive security exercises.
• Implement automation of vulnerability scanning and detection
• Build and deploy automation for monitoring our infrastructure, application, and network
• Assist in the development and enforcement of security policies and best practices
• Mentor the entire JumpCloud team on security best practices
• Evaluate and recommend new and emerging security products and technologies
• Mitigate abusive activities such as botnets, DDoS, and spamming
• Live and breathe all things security and be an advocate for customer trust and privacy protection
• Instill a secure-by-design culture throughout the entire company by educating security best practices using effective principle-based persuasion techniques.
• Design and create an automated security testing suite
• Work with cross functional teams to build and vet threat models for each part of our product
• Dogfood our product to enhance both internal security and the security of our customers
• Maintain and ensure a robust PKI system across both internal operations and the product
• Design and maintain threat detection capabilities and response
• Develop training and education materials to help scale and deepen security knowledge within the organization
• Build a CTF to engage JC developers on security and teach common exploit patterns

What you’ll be doing...

• Ensure our applications are aligned with security requirements and designs
• Proactively support work with the Engineering and Product Teams to help them understand security requirements and best practices
• Ensure the Security Development Lifecycle parallels the Software Development Lifecycle
• Assist and train Engineering in secure coding as they develop or modify their application code
• Enhancing our current automated CI/CD pipeline testing
• Conduct application risk assessments and audits using tools, technologies and methods
• Performs application vulnerability testing for weaknesses and recommend corrections or remediate
• Administer security tools such as baseline and attack surface analyzers, health checks, etc.
• Runs internal red team exercises with other team members
• Build out and monitor threat detection and analysis

We’re looking for a majority of any of the following…

• Bachelor's Degree in Computer Science, Mathematics, or equivalent
• 3+ years of professional experience in a security engineering role
• Experience shipping production or customer facing code
• Solid understanding of software design principles, cloud architecture, and secure web application design
• Comprehensive understanding of secure coding practices, OWASP Top 10, common attack vectors and threat models for both on premise and cloud based applications
• Understands application identity management fundamentals
• Experience with static and dynamic vulnerability analysis, fuzzing, and tools like Metasploit
• Experience using cloud platforms and their associated tooling is important (we are an AWS shop)
• Knowledge of database security is a plus
• Cryptography experience or knowledge a plus
• Desire to advance and push the boundaries of application security
• CSSLP, CISSP, OSCP, CEH, or other industry InfoSec certification(s) a plus
• Knowledgeable in compliance frameworks and best practices a plus (ISO 27001, SOC 2, NIST, HIPAA, etc.)
• Experience with version control; specifically Git and GitHub

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.