Senior Application Security Engineer
About OneLogin
OneLogin brings speed and integrity to the modern enterprise with an award-winning single sign-on (SSO) and cloud identity management platform. Our portfolio of solutions secures connections across all users, all devices, and every application, helping companies drive new levels of security, and efficiency across all applications. OneLogin manages and secures millions of identities around the globe. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.
About the role
We’re looking for a Senior Application Security Engineer to challenge our current processes, and drive security into the pipeline. We’re a fast-growing company in the Enterprise Identity and Access Management and Single Sign-On (SSO) space. We believe in hiring talented individuals with a passion for security and a drive to succeed!
About you
- Develop secure coding & secure design principles
- Train developers, architects, code reviewers, and others on secure coding practices
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- Constantly maintain awareness of all known vulnerabilities in application technologies used within OneLogin
- Research any reported or suspected application vulnerabilities
- Assist in developing security related libraries used in our environment
Requirements
- Bachelor's degree in computer science, management information systems, or related field
- 6+ years of AppSec experience
- Participate in Bug Bounty Programs / Security Research
- Expert level understanding of modern web technologies, mobile, and web application security
- Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
- Prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
- The ability to perform thorough threat modeling of web applications
- The ability to effectively partner and communicate with Engineering and Product teams
- Experience with BurpSuite Pro and dynamic application scanning tools
- Local candidates only, please
Our core values
- Security first - We make it our #1 priority to protect data and privacy. From the way we work to the technology we provide, security is top of mind
- Customer focused - We design for, listen to and partner with customers to come up with smart solutions that drive business value
- Collaborative - We take bold steps and work together to thrive across boundaries. We drive productivity as we grow as one team
- Accountable - We get things done and take ownership in our work. Showcasing consistent quality and pride to perform at the highest levels
- Creative - We embody creativity in everything we do. We embrace a diversity of ideas. We execute with ingenuity, flexibility, and agility