Security Engineer - Vulnerability Management
Remote in the U.S. or Denver/Louisville, CO
JumpCloud is looking for a Security Engineer focusing on Vulnerability Management. You will be pivotal in driving secure coding and SDLC efforts, including secure code reviews, project security reviews, penetration testing, and application scanning processes.
You will be in the thick of it daily, driving bug remediation, meeting with project teams to identify and secure changes in new functionality and stay at the forefront of bug identification and patching efforts. You will partner with your fellow security engineers to keep JumpCloud growing while keeping us secure!
You'll be someone JumpCloudians across the company depend on and trust to respond quickly and effectively in a crunch. The outstanding communication and collaboration skills needed to work in partnership with diverse stakeholders.
Most importantly, you will become a critical member of the team responsible for ensuring JumpCloud products' integrity and keeping JumpCloud users safe.
About the Role:
You'll be backed by JumpCloud's Manager of Security and Director of Cloud Operations, the company's leadership team, and a cross-functional team of skilled engineers from various perspectives, all working with a singular focus of maintaining our customer's trust. You'll be exposed to the reality of how JumpCloud functions on a technical and process level and will build a comprehensive base of knowledge around how it all works together. In doing so, you'll be playing a role in keeping JumpCloud secure and compliant, bringing security to our company's forefront.
Guide product and engineering teams to building secure features through security architecture design reviews and threat modeling
Evangelize secure coding practices across all engineering teams
Build security into continuous integration and delivery pipelines
Build security into our SDLC, participate in security design reviews, steer the team towards safe and reliable solutions, coordinate 3rd party penetration tests, etc
Present findings and explain the impact and solutions to any level of leadership and other engineers.
Perform security reviews and produce threat models for applications by working with product engineering and architects.
Monitor our bug bounty program, static application security testing, and custom monitoring tools for suspicious activity and run incident response when required.
Work with software engineers to analyze security vulnerabilities and follow through with issues until resolution.
Experience in application-level vulnerability testing or building software security controls.
Substantial knowledge of web application attacks and defense strategies (e.g., the OWASP Top 10 and CWE Top 25)
Proficient in detection, exploitation, and prevention of security vulnerabilities.
Foundation in, and in-depth technical knowledge of software development, security engineering, computer and network security, authentication, security protocols, and applied cryptography.
Experience integrating security controls into agile software development processes
Familiarity with containerization and protecting cloud-native architectures
Minimum of 5 years of experience with any combination of the following: penetration testing, threat modeling, secure software development, application security
Experience with multiple programming languages (e.g., Ruby, Java, Node, Golang)
Understand the people aspects of security and enjoy collaborating with others to build secure things
Views security as an enabler, not an inhibitor to innovation.
Ownership and Accountability
High Level of Integrity
Creative Problem Solver
Passionate about Security
Do you enjoy solving challenging problems using the latest technologies within a great team? Is knowing your work will be highly visible and mission-critical, a key component of your career next step? At JumpCloud, we're looking for best-in-class talent to help define the future of modern identity and device management from the ground up.
We built a disruptive new technology called Directory-as-a-Service®. It is reinventing a two-decade-old monopoly, giving thousands of organizations across the globe freedom of choice with their IT solutions. We provide companies the ability to remotely manage and control all of their organization's identities, devices, & resources on a single, comprehensive, cloud-based platform. That means doing it better, faster, easier, and more securely by staying on the bleeding edge of technology.
Where you’ll be working
We have two offices in Colorado, one in Louisville and one in downtown Denver. Once we reopen offices you will have the opportunity to work from one of our office locations, flex your time or remain fully remote (in the U.S.).
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you!
JumpCloud is an incredible place to share and grow your expertise! You’ll work with amazing talent across each department who are passionate about our mission. We’re out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. You’ll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
We're an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.