Lead Application Security Engineer
ABOUT THE ROLE
We're looking for a Lead Application Security Engineer to challenge our current processes and drive security into the pipeline. We're a fast-growing company in the Enterprise Identity and Access Management and Single Sign-On (SSO) space. We believe in hiring talented individuals with a passion and drive to succeed!
ABOUT YOU
- Develop secure coding & secure design principles
- Train developers, architects, code reviewers, and others on secure coding practices
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- Constantly maintain awareness of all known vulnerabilities in application technologies used within OneLogin
- Research any reported or suspected application vulnerabilities
- Assist in developing security-related libraries used in our environment
REQUIREMENTS
- Bachelor's degree in computer science, management information systems, or related field
- 8+ years of AppSec experience
- Participation in Bug Bounty Programs / Security Research
- Expert-level understanding of modern web technologies, mobile, and web application security
- Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
- Prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
- The ability to perform thorough threat modeling of web applications
- The ability to effectively partner and communicate with Engineering and Product teams
- Experience with Burp Suite Pro and dynamic application scanning tools
ABOUT ONELOGIN
OneLogin, the leader in Unified Access Management, connects people with technology through a simple and secure login, empowering organizations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,500 customers worldwide. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.
Our core values
- Security first - We make it our #1 priority to protect data and privacy. From the way we work to the technology we provide, security is top of mind
- Customer focused - We design for, listen to and partner with customers to come up with smart solutions that drive business value
- Collaborative - We take bold steps and work together to thrive across boundaries. We drive productivity as we grow as one team
- Accountable - We get things done and take ownership in our work. Showcasing consistent quality and pride to perform at the highest levels
- Creative - We embody creativity in everything we do. We embrace a diversity of ideas. We execute with ingenuity, flexibility, and agility