Staff Application Security Engineer
USA Remote
Applications have closed
Kandji
Kandji goes beyond Apple MDM solutions by connecting device security and device management. Welcome to Device Harmony. Kandji is building the future of Apple Enterprise Management. The use of Apple devices in the enterprise is growing rapidly. Drawing on decades of experience in Apple IT, we saw a dire need for a modern Apple device management platform that could accommodate growing businesses and increasing regulatory demands.
Kandji grew to hundreds of B2B customers within a few months of initial product launch in 2019, and secured a $100 million Series C in late 2021. Today, we have a 95% Customer Satisfaction rate and a rapidly growing community of customers, including names like Crunchbase, Belkin, Rackspace, Allbirds, FabFitFun, VSCO, and Turo.
Behind our business is a handful of the best investors in tech. Together, we are creating a new category of device management that can better serve modern businesses.
The Opportunity
As a Staff Application Security Engineer, you will help our infrastructure and engineering teams build and maintain Kandji's Secure Software Development Lifecycle. In this role, you’ll build and mature security process gates and develop a series of standards to support our product at scale. You will have the opportunity to work alongside development teams, lead remediation efforts, define best practices through secure code reviews, architecture reviews, third-party package management, and static code analysis, and spearhead our bug bounty initiatives.
Day to Day
- Lead the design of cyber security standards and controls on Kandji’s cloud platform, define secure development practices, identify threats and risks, lead a "secure by design" culture, and build security into Waters' Cloud Platform and multi-tenant SaaS applications
- Collaborate closely with engineering and security teams on security-focused SDLC process gates and implementation of security best practices.
- Drive adoption of Policy as Code and adherence to software security metrics, and lead vulnerability management efforts
- Implement the Cloud Platform and Application Security Blueprint and drive adoption of standardized methodologies, libraries, and tools
- As a security SME, own identification and remediation of vulnerabilities within the application codebase, as well as 3rd-party dependencies, with a focus on maturing Security Engineering beyond the OWASP Top Ten
- Define secure coding practices and guidance, conduct security reviews, and drive down security-related technical debt
- Develop scripts and tooling to “shift-left” common security tasks to DevSecOps
- Participate in and support security feature reviews and threat modeling
- Contribute to a secure/compliant cloud-native service catalog
- Collaborate with engineering and operations teams to implement and automate security controls and processes, cloud-native security monitoring, tooling, and reporting
Minimum Qualifications
- Extensive experience in SaaS product development and the application security space; securing complex interconnected web applications and their architectures using Python, Go, or any other modern object-oriented language.
- A documented history of finding high-impact vulnerabilities or participating in the creation of tools to do the same
- A track record of developing projects from design to implementation and maintenance
- A broad and practical understanding of security fundamentals and their application
- Experience using a variety of static and dynamic security tools
- Practical knowledge and experience working in public cloud environments & IAM solutions (AWS, GCP, etc.)
- An interest in building creative solutions to challenging security problems with a focus on SaaS and product engineering
We are excited to be serving a significant need for a fast-growing market, and are proud of the high-performing team we have brought together so far. If you’re someone who wants to engage in new, exciting projects that will challenge your skills in the best way possible, we would love to connect with you.
At Kandji we believe in fostering an inclusive environment in which employees feel encouraged to share their unique perspectives, leverage their strengths, and act authentically. We know that diverse teams are strong teams, and welcome those from all backgrounds and varying experiences.
Tags: Application security AWS C Cloud Code analysis DevSecOps GCP IAM Monitoring OWASP Python SaaS SDLC Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Cell phone stipend Competitive pay Equity Health care Home office stipend Medical leave Startup environment Wellness