Posted 4 months ago
Senior Application Security Engineer – Duo Security
LOCATION: Ann Arbor, Michigan, US
- ADDITIONAL LOCATION(S): Remote, Other US Cisco Office
AREA OF INTEREST: Engineer – Software
JOB TYPE: Professional
TECHNOLOGY INTEREST: Security
JOB ID: 1280165
What you’ll do…
- Automate application security testing techniques and tools including, but not limited to; static analysis, dynamic analysis, software composition analysis and container scanning to validate the security of Duo products and its development practices.
- Conduct product security incident response investigations by being the first line of defence for internal and external Duo customers. Handle the coordinated vulnerability disclosure process to ensure security interests of end users and relevant stakeholders.
- Liaison with product, customer support, sales and engineering teams to provide ad-hoc technical security expertise.
- Educate and enable secure product development by providing guidance, implementing aid tools, building and operationalizing security guidelines.
- Build and facilitate application security trainings for topics including; security vulnerabilities, remediation, secure coding practices, testing and tooling.
- Evaluate and manage third party risk to Duo products and customers.
Skills you have…
- You’re familiar with security tools like static and dynamic analysis tools.
- You are able to mentor and be mentored on security practices, controls and bring an influential flair to your audience whether it is one on one, during a presentation or workshop.
- You understand security engineering principles, and how to seriously consider when a “best practice” may not be, in fact, the best choice or positively impact actual security and our customers.
4 Reasons why you should apply…
- You’re excited to be part of building an ever-maturing application security program that covers the Security Development Lifecycle, from training through incident response.
- You love to communicate in a friendly, encouraging manner with software engineers, helping to not only identify security issues, but also a mentor and advocate on solutions.
- You’re passionate about security, but understand each control or process has a “cost” that must be thought about critically, and from the point-of-view of many stakeholders.
- You want to continuously elevate your skills and the skills of your teammates.
4 Reasons why you SHOULDN’T apply….
- You only find excitement in breaking software. This role requires a broad participation in realizing a world-class application security program that leverages many talents at once.
- Getting work done quickly is more important than how you present that work. We pride ourselves in detailed, well-written communications — whether on reports or email.
- You don’t enjoy self-management of many tasks of various priority levels that can shift day-to-day. We value accountability of work that spans across tactical & strategic goals.
- You are a lone wolf and prefer not to work on a team where collaboration and insight focuses the team for success on a daily basis.