You value open collaboration, have a strong desire to learn, and are excited to pick up new skills and technologies. You like to share your knowledge with others and are willing to ask for help in return. You enjoy solving difficult problems, and make use of metrics, monitoring, and testing to help you understand the inner workings of a system. You’re excited to work closely with people throughout the organization, from close teammates to members of ops, and service team members.
ABOUT THE ROLE
We’re looking for a Senior Application Security Engineer to challenge our current processes, and drive security into the pipeline. We’re a fast-growing company in the Enterprise Identity and Access Management and Single Sign-On (SSO) space. We believe in hiring talented individuals with a passion for security and a drive to succeed!
- Develop secure coding & secure design principles
- Train developers, architects, code reviewers, and others on secure coding practices
- Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
- Design and implement SDLC practices including code reviews, static/dynamic code analysis and vulnerability assessments
- Constantly maintain awareness of all known vulnerabilities in application technologies used within OneLogin
- Research any reported or suspected application vulnerabilities
- Assist in developing security related libraries used in our environment
- Bachelor's degree in computer science, management information systems, or related field
- 6+ years of AppSec experience
- Participate in Bug Bounty Programs / Security Research
- Expert level understanding of modern web technologies, mobile, and web application security
- Thorough understanding of OWASP Top 10 vulnerabilities and corresponding best practices for mitigation
- Prior experience securing large-scale web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
- The ability to perform thorough threat modeling of web applications
- The ability to effectively partner and communicate with Engineering and Product teams
- Experience with BurpSuite Pro and dynamic application scanning tools
“Find and secure evil before they do.” In this role, you will lead efforts to uncover and solve infrastructure security issues before threat actors do. Harden assets and procedures around and within OneLogin’s infrastructure. You must have experience not only finding issues, designing solutions, and lead projects to implement them.
OneLogin, the leader in Unified Access Management, connects people with technology through a simple and secure login, empowering organizations to access the world™. The OneLogin Unified Access Management (UAM) platform is the key to unlocking the apps, devices, and data that drive productivity and facilitate collaboration. OneLogin serves businesses and partners across a multitude of industries, with over 2,500 customers worldwide. We are headquartered in San Francisco, California. For more information, visit www.onelogin.com, Blog, Facebook, Twitter, or LinkedIn.
- Security first - We make it our #1 priority to protect data and privacy. From the way we work to the technology we provide, security is top of mind
- Customer focused - We design for, listen to and partner with customers to come up with smart solutions that drive business value
- Collaborative - We take bold steps and work together to thrive across boundaries. We drive productivity as we grow as one team
- Accountable - We get things done and take ownership in our work. Showcasing consistent quality and pride to perform at the highest levels
- Creative - We embody creativity in everything we do. We embrace a diversity of ideas. We execute with ingenuity, flexibility, and agility