ABOUT THE ROLE

We're looking for a Lead Application Security Engineer to challenge our current processes, and drive security into the pipeline. We're a fast-growing company in the Enterprise Identity and Access Management and Single Sign-On (SSO) space. We believe in hiring talented individuals with a passion and drive to succeed!

ABOUT YOU

• Develop secure coding & secure design principles
• Train developers, architects, code reviewers, and others on secure coding practices
• Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
• Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
• Constantly maintain awareness of all known vulnerabilities in application technologies used within OneLogin
• Research any reported or suspected application vulnerabilities
• Assist in developing security related libraries used in our environment

REQUIREMENTS

• Bachelor's degree in computer science, management information systems, or related field
• 8+ years of AppSec experience
• Participate in Bug Bounty Programs / Security Research
• Expert level understanding of modern web technologies, mobile, and web application security
• Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
• Prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
• The ability to perform thorough threat modeling of web applications
• The ability to effectively partner and communicate with Engineering and Product teams
• Experience with BurpSuite Pro and dynamic application scanning tools

ABOUT ONELOGIN

OneLogin, the leader in Unified Access Management, connects people with technology through a simple and secure login, empowering organizations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,500 customers worldwide. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.

Our core values

• Security first - We make it our #1 priority to protect data and privacy. From the way we work to the technology we provide, security is top of mind
• Customer focused - We design for, listen to and partner with customers to come up with smart solutions that drive business value
• Collaborative - We take bold steps and work together to thrive across boundaries. We drive productivity as we grow as one team
• Accountable - We get things done and take ownership in our work. Showcasing consistent quality and pride to perform at the highest levels
• Creative - We embody creativity in everything we do. We embrace a diversity of ideas. We execute with ingenuity, flexibility, and agility