Senior Security Engineer (SAST DAST Pen Testing) (Hybrid/Remote)
Ivanti
Ivanti provides solutions for IT asset management, IT service management, endpoint security, supply chain management & more. Discover the power of unified IT management when you get in touch with us today.
Who We Are
Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management and security solutions - helping organizations reduce risks and costs associated with managing their IT environment.
Ivanti is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work, as well as many accolades for the products it develops. Our customer focus strategy is driven by the company’s core values, including innovation, accountability, teamwork, and trust. It's an exciting time to join Ivanti.
Looking for more than just a job? We like developing our people just as much as we like developing great products and services.
If you’re passionate about what you do, are a champion of customer satisfaction and success, and interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!
What We Do
- Empower users to seamlessly and securely connect from any place in the world that offers air, water and… Internet!
- Equip organizations with the right tools to configure access, manage and enforce compliance with a holistic view on network, users and usage.
- Empower organizations to continue to breathe easy, now with an added sense of invincibility.
- Work hard so that you can focus on the things you want to!
Who you are
- Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
- Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
- Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile-facing practices.
What You'll Do
- Develop a broad and deep technical understanding of products, services and architectures.
- Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
- Work with developers to refine security checkpoints in the development cycle that are based on industry-accepted security standards, and represent the Security Platform in development at various stages of the SDLC.
- Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
- Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
- Research and maintain proficiency in attacker Tools, Techniques, Procedures and other security topics.
- Propose and develop training materials to help raise the security bar across the organization.
- Develop innovative and scalable tools, solutions, and processes to enhance product security operations.
What You’ll Need To Be Successful
- 5+ years of experience in web application security, SSDLC, Threat Modeling
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
- Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they can be brought to bear for security QE
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Ability to work in a self-directed environment that is highly collaborative and cross-functional
- Educate application developers to enhance quality of security in the code
- Programming knowledge of Java web applications and Python
- Knowledgeable regarding backend security topics such as secret management and service authentication
- Perform penetration tests and coordinate third-party vendor Pen Tests
- Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations
What Would Be Nice To Have
- B.S. Computer Science or similar combination of education and experience
- Strong software development exposure (Java, iOS and Android APIs, Web, Python)
- Good communication skills
- Have an excellent working knowledge and ability to educate others on common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Have experience in web, database, information and/or infrastructure security
- Know and love learning about the latest security tools, infrastructure, and industry best practices
- Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
- Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc.
- Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
At Ivanti, we are One. One Company, formed from many. One people, formed by an environment of mutual respect and trust made up by people working together without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by law. As a global company, we believe that diversity and inclusion among our team members is critical to our success and we proactively strive to recruit, develop and retain the best and brightest people from the most diverse candidate pools we can find all over the world.