Staff Application Security Engineer
Seattle, Washington, United States
Applications have closed
Qualtrics
Know what your customers and employees need, when they need it, and deliver it every time with powerful, AI-driven Experience Management (XM) software.
Company Description
At Qualtrics, our mission is to close experience gaps—the costly differences between what customers and employees expect, and what they’re receiving. 13,000+ organizations worldwide and more than 80% of the Fortune 100 rely on the Qualtrics Experience Management Platform™ to collect, analyze, and act on feedback—more feedback than they ever thought possible. With Qualtrics XM, organizations can manage the four core experiences of business—customer, employee, product, and brand experience. Organizations can be at every meaningful touchpoint, for every experience, and predict what will resonate most with customers and employees.
The Challenge
As Qualtrics continues to expand the Experience Management (XM) SaaS platform, we must ensure that we’re protecting our customers and their data by building and operating secure systems. With over one thousand software & system engineers contributing to Qualtrics XM every day, we have a large attack surface to evaluate and secure. This role is critical to this mission.
Qualtrics is seeking an experienced security engineer/architect with a passion for security and demonstrated expertise in product and application security. The selected candidate will provide technical leadership and subject matter expertise within the Application Security team and across the product engineering organization.
The Application Security team is responsible for measures to improve and ensure the security of web & mobile applications, code and related components in Qualtrics SaaS products (including those of our acquired companies). The team owns secure development standards and training, security testing tools focused on the application layer (e.g., SAST, DAST, IAST, SCA), threat modeling, penetration testing, red team, bug bounty and vulnerability disclosure programs. Application Security works in collaboration with other teams within the Information Security organization, including infrastructure and cloud security, vulnerability management, network security, security operations and incident response, and security assurance.
A Day in the Life
- Review source code & software/system designs, and consult with engineers across the organization to identify and/or avoid security issues through alignment with security standards and best practices
- Perform manual penetration testing to uncover hard-to-find security flaws in new/existing features and system components
- Leverage your accumulated subject matter expertise of Qualtrics applications, systems and code to propose design patterns and drive architectural improvements which address classes of security flaws in the platform
- Develop and implement the product & application security architecture and contribute to program strategy and roadmap plans
- Facilitate threat modeling exercises to ensure optimized security design decisions are being made
- Document and improve secure development lifecycle processes, standards and guidelines
- Deliver training and provide mentoring to software engineers on security topics
- Lead bug bounty and vulnerability disclosure programs, including the triage and validation of reported findings
- Lead internal purple and red team exercises to proactively evaluate Qualtrics environments for security flaws
- Perform the selection, design, development, implementation and management of automated security testing tools; maintain relationships with product vendors
The Expectation for Success
You will define and drive improvements to the product and application security program; mentor other security engineers; and provide expert guidance and work effectively with the Qualtrics engineering organization and fellow security team members to protect our customers and their data by building and operating secure systems.
Skills That Will Lead to Success
- Bachelor’s degree in Computer Science or a related field
- Over 12 years of relevant work experience
- Experience as a senior/staff/lead security engineer in product or application security
- Experience leading security projects and initiatives that require collaboration with teams across an organization
- Manual web application penetration testing experience, including the use of professional penetration testing tools (e.g., Burp Suite)
- Sound understanding of application security vulnerabilities (e.g., OWASP Top 10), defense techniques and security best practices, including language-specific security practices and present-day threats
- Experience with modern application development languages and frameworks (e.g., Node.js, Java, Golang, Python, React, Angular)
Preferred Qualifications
- Experience with assessing/securing large, complex SaaS applications
- One or more relevant security certifications (CEPT, CMWAPT, CPT, CEH, LPT, GWAPT, GPEN, GXPN, OSCP)
- Strong familiarity with AWS, Docker, Kubernetes, Linux and similar infrastructure/technologies
- Experience securing iOS/Android mobile apps
- Prior full time software development experience, with the ability to contribute to reusable code libraries that implement security requirements within the product